FileBird WordPress Plugin SQL Injection Vulnerability in Media Library Folders and File Manager

A SQL injection vulnerability has been identified in the FileBird WordPress plugin, specifically in the Media Library Folders & File Manager component. This vulnerability exists in all versions up to and including 6.4.8. The issue arises from inadequate escaping of user-supplied data in the 'search' parameter, allowing authenticated attackers with Author-level access or higher to inject additional SQL queries. Exploitation of this vulnerability could lead to unauthorized access to sensitive information stored in the database.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can manipulate SQL queries to extract sensitive data from the database.

Reproduction

To reproduce this vulnerability, an authenticated user with Author-level access or higher can send a request to the WordPress REST API endpoint used by the FileBird plugin. The 'search' parameter can be crafted to include SQL injection payloads that exploit the vulnerability by appending additional SQL commands to the original query. The lack of proper input sanitization and query preparation creates an opportunity to manipulate the SQL query execution, potentially leading to unauthorized data access.

Remediation

Users are advised to update the FileBird WordPress plugin to version 6.4.9 or later, where this vulnerability has been patched.