
146 matches found

Patchstack
added 2024/04/17 3:20 a.m. · 2 views

WordPress FileBird plugin <= 5.6.3 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Tim Coen in WordPress Plugin Filebird versions <= 5.6.3...

CVSS 6.4 · AI score 5.7 · EPSS 0.0022
Exploits: 0 · References: 1 · Affected Software: 1
Patchstack
added 2024/04/17 3:20 a.m. · 2 views

WordPress FileBird plugin <= 5.6.3 - Authenticated (Author+) Insecure Direct Object Reference vulnerability

Authenticated Author+ Insecure Direct Object Reference vulnerability discovered by Tim Coen in WordPress Plugin Filebird versions <= 5.6.3...

CVSS 5.4 · AI score 7 · EPSS 0.001
Exploits: 0 · References: 1 · Affected Software: 1
Patchstack
added 2024/04/17 12:0 a.m. · 14 views

WordPress Filebird Plugin <= 5.6.3 is vulnerable to Cross Site Scripting (XSS)

Software: Filebird · Type: Plugin · Vulnerable versions: <= 5.6.3 · Fixed in: 5.6.4 · OWASP Top 10: A7: Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: CVE-2024-2345 · Patch priority: Low · CVSS severity: Low (5.9) · Developer: Claim ownership · PSID: de3d3d4867b8 · Credits: Tim Coen · Required privilege...

CVSS 6.4 · AI score 5.8 · EPSS 0.0022
Exploits: 0 · References: 3 · Affected Software: 1
WPVulnDB
added 2024/04/17 12:0 a.m. · 14 views

FileBird < 5.6.4 - Author+ Users Folder Deletion

Description The plugin is vulnerable to Insecure Direct Object Reference via folder deletion due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with author access or higher, to delete folders created by other users and make their file uploads...

CVSS 5.4 · AI score 6.5 · EPSS 0.001
Exploits: 0 · References: 1 · Affected Software: 1
Patchstack
added 2024/04/17 12:0 a.m. · 15 views

WordPress Filebird Plugin <= 5.6.3 is vulnerable to Insecure Direct Object References (IDOR)

Software: Filebird · Type: Plugin · Vulnerable versions: <= 5.6.3 · Fixed in: 5.6.4 · OWASP Top 10: A1: Broken Access Control · Classification: Insecure Direct Object References (IDOR) · CVE: CVE-2024-2346 · Patch priority: Low · CVSS severity: Low (5.4) · Developer: Claim ownership · PSID: 800a2ac6f56e · Credits: Tim Coen · Required...

CVSS 5.4 · AI score 6.5 · EPSS 0.001
Exploits: 0 · References: 3 · Affected Software: 1
WPVulnDB
added 2024/04/16 12:0 a.m. · 9 views

FileBird < 5.6.4 - Author+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the folder name parameter due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author access or higher, to inject arbitrary web scripts in pages that will execut...

CVSS 6.4 · AI score 5.7 · EPSS 0.0022
Exploits: 0 · References: 1 · Affected Software: 1
OSV
added 2024/02/05 10:16 p.m. · 1 views

CVE-2024-0691

The FileBird plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported folder titles in all versions up to, and including, 5.5.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator access, to...

CVSS 4.8 · AI score 7.4 · EPSS 0.00224
Exploits: 0 · References: 2
NVD
added 2024/02/05 10:16 p.m. · 13 views

CVE-2024-0691

The FileBird plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported folder titles in all versions up to, and including, 5.5.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator access, to...

CVSS 5.5 · AI score 5 · EPSS 0.00224
Exploits: 0 · References: 2
Prion
added 2024/02/05 10:16 p.m. · 20 views

Cross site scripting

The FileBird plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported folder titles in all versions up to, and including, 5.5.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator access, to...

CVSS 4.3 · AI score 5.9 · EPSS 0.00224
Exploits: 0 · References: 2 · Affected Software: 1
Vulnrichment
added 2024/02/05 9:21 p.m. · 12 views

CVE-2024-0691 FileBird <= 5.6.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Folder Import

The FileBird plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported folder titles in all versions up to, and including, 5.5.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator access, to...

CVSS 5.5 · AI score 6.8 · EPSS 0.00224
Exploits: 0 · References: 2
CVE
added 2024/02/05 9:21 p.m. · 81 views

CVE-2024-0691

The CVE-2024-0691 entry affects the WordPress FileBird plugin. Vulnerable component: imported folder titles handling in FileBird versions up to 5.5.8.1. Root cause: insufficient input sanitization and output escaping, enabling Stored Cross-Site Scripting. Impact: authenticated administrators can ...

CVSS 5.5 · AI score 5.3 · EPSS 0.00224
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2024/02/05 12:0 a.m. · 5 views

PT-2024-15753 · WordPress · Filebird

Name of the Vulnerable Software and Affected Versions: FileBird plugin for WordPress versions up to, and including, 5.5.8.1 Description: The issue is related to Stored Cross-Site Scripting via imported folder titles due to insufficient input sanitization and output escaping. This allows...

CVSS 5.5 · AI score 5.3 · EPSS 0.00224
Exploits: 0 · References: 6
CNNVD
added 2024/02/05 12:0 a.m. · 3 views

WordPress plugin FileBird security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

CVSS 5.5 · AI score 6.1 · EPSS 0.00224
Exploits: 0 · References: 3
WPVulnDB
added 2024/01/24 12:0 a.m. · 28 views

FileBird < 5.6.1 - Admin+ Stored XSS

Description: The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 4.3 · AI score 5.6 · EPSS 0.00224
Exploits: 0 · References: 1 · Affected Software: 1
Patchstack
added 2024/01/22 12:0 a.m. · 11 views

WordPress Filebird Plugin <= 5.6.0 is vulnerable to Cross Site Scripting (XSS)

Software: Filebird · Type: Plugin · Vulnerable versions: <= 5.6.0 · Fixed in: 5.6.1 · OWASP Top 10: A7: Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: CVE-2024-0691 · Patch priority: Low · CVSS severity: Low (5.9) · Developer: Claim ownership · PSID: 80c98e521f35 · Credits: Thomas Sanzey · Required privileg...

CVSS 5.5 · AI score 6 · EPSS 0.00224
Exploits: 0 · References: 3 · Affected Software: 1
Patchstack
added 2023/03/27 12:0 a.m. · 15 views

WordPress Filebird Plugin <= 5.1.4 is vulnerable to Broken Access Control

Software: Filebird · Type: Plugin · Vulnerable versions: <= 5.1.4 · Fixed in: 5.1.5 · OWASP Top 10: A5: Broken Access Control · Classification: Broken Access Control · CVE: CVE-2023-25966 · Patch priority: Low · CVSS severity: Low (5.5) · Developer: Claim ownership · PSID: a8a9a216e494 · Credits: Rafshanzani Suhada · Required privileg...

AI score 6.3 · EPSS 0.00296
Exploits: 0 · References: 2 · Affected Software: 1
OpenVAS
added 2021/07/20 12:0 a.m. · 16 views

WordPress Filebird plugin 4.7.3 SQLi Vulnerability

The WordPress plugin Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can redistribute it and/or modify it...

CVSS 9.8 · AI score 7 · EPSS 0.09019
Exploits: 2 · References: 3
OSV
added 2021/07/12 8:15 p.m. · 1 views

CVE-2021-24385

The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from a HTTP post request. This is a major vulnerability as the user input is not escaped and passed directly to the get_col function and it allows SQL injection. The Rest...

CVSS 9.8 · AI score 5.9
Exploits: 0 · References: 2
NVD
added 2021/07/12 8:15 p.m. · 10 views

CVE-2021-24385

The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from a HTTP post request. This is a major vulnerability as the user input is not escaped and passed directly to the get_col function and it allows SQL injection. The Rest...

CVSS 9.8 · EPSS 0.09019
Exploits: 2 · References: 2
Prion
added 2021/07/12 8:15 p.m. · 12 views

Sql injection

The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from a HTTP post request. This is a major vulnerability as the user input is not escaped and passed directly to the get_col function and it allows SQL injection. The Rest...

CVSS 7.5 · AI score 9.8 · EPSS 0.09019
Exploits: 2 · References: 2 · Affected Software: 1