Skip to main content

Filebird

5 CVEs product

Monthly

CVE-2024-35166 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team Filebird.6.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Filebird
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-2346 MEDIUM PATCH This Month

The FileBird - WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.6.3 via folder deletion. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Filebird
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-2345 MEDIUM PATCH This Month

The FileBird - WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the folder name parameter in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Filebird
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-0691 MEDIUM PATCH This Month

The FileBird plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported folder titles in all versions up to, and including, 5.5.8.1 due to insufficient input sanitization and. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Filebird
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-24385 CRITICAL POC Act Now

The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from a HTTP post request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Filebird
NVD WPScan
CVSS 3.1
9.8
EPSS
2.8%
EPSS 0% CVSS 5.3
MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team Filebird.6.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Filebird
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

The FileBird - WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.6.3 via folder deletion. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Filebird
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

The FileBird - WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the folder name parameter in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Filebird
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The FileBird plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported folder titles in all versions up to, and including, 5.5.8.1 due to insufficient input sanitization and. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Filebird
NVD VulDB
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from a HTTP post request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Filebird
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy