FileBird WordPress Plugin Improper Authorization Vulnerability Allowing Settings Reset

Vulnerability

A vulnerability exists in the FileBird WordPress plugin (Media Library Folders & File Manager), version 6.4.9 and prior. The issue arises from a lack of proper capability checks in the '/filebird/v1/fb-wipe-clear-all-data' function. This flaw enables authenticated attackers with author-level access or higher to modify data without authorization by resetting all of the plugin's configuration settings.

Impact

Exploitation of this vulnerability allows for unauthorized modification of the plugin's data, specifically resetting all configuration settings to their defaults.

Remediation

Users can update to FileBird version 6.5.0 or a newer patched version to address this vulnerability.
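
To check whether the route has been requested on a site that ran 6.4.9 or earlier, the web server access log can be searched for it. The following is an added example, not part of the original advisory or the plugin's code: it assumes Combined Log Format and the standard WordPress REST entry points (/wp-json/ and ?rest_route=), and the sample log lines, including their HTTP method and status codes, are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

ROUTE = "/filebird/v1/fb-wipe-clear-all-data"  # route named in the advisory

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def hits_route(target):
    """True if the request target addresses the wipe route, either through
    /wp-json/ (pretty permalinks) or the ?rest_route= fallback."""
    parts = urlsplit(target)
    path = unquote(parts.path).lower().rstrip("/")
    if path.endswith("/wp-json" + ROUTE):
        return True
    # parse_qs percent-decodes values, so %2Ffilebird%2F... is caught too.
    return any(v.lower().rstrip("/") == ROUTE
               for v in parse_qs(parts.query).get("rest_route", []))

def find_wipe_requests(lines):
    """Return one record per log line that targets the wipe route."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and hits_route(m["target"]):
            findings.append({"ip": m["ip"], "time": m["time"],
                             "method": m["method"], "status": int(m["status"])})
    return findings

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [18/Oct/2025:07:01:12 +0000] "POST /wp-json/filebird/v1/'
    'fb-wipe-clear-all-data HTTP/1.1" 200 52 "-" "-"',
    '198.51.100.4 - - [18/Oct/2025:07:01:40 +0000] "GET /wp-json/wp/v2/posts '
    'HTTP/1.1" 200 8123 "-" "-"',
    '203.0.113.7 - - [18/Oct/2025:07:02:03 +0000] "POST /blog/index.php?rest_route='
    '%2Ffilebird%2Fv1%2Ffb-wipe-clear-all-data HTTP/1.1" 403 91 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_wipe_requests(SAMPLE_LOG):
        print(hit)
```

Access logs do not record the WordPress role behind a request, so each hit needs to be correlated with login records to tell an administrator's own reset from one made by a lower-privileged account.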

Added: Oct 18, 2025, 7:22 AM
Updated: Oct 18, 2025, 7:22 AM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 2.5
exploitability: 6.1
remediation: 7.7
relevance: 0.8
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.