Plugin Vulnerability Hub
Plugin | 10 known issues | Latest disclosed Dec 15, 2025

FileBird – WordPress Media Library Folders & File Manager Vulnerabilities

Review known vulnerability records for the WordPress plugin FileBird – WordPress Media Library Folders & File Manager (`filebird`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-12900, CVE-2025-11510 and CVE-2025-6986, so operators can jump from disclosure to patch validation without scanning the full feed first.

Known Records: 10
High or Critical: 1
Patch Coverage: 100%
Last Updated: Dec 15, 2025

Priority CVE Quick Links

Fast paths into FileBird – WordPress Media Library Folders & File Manager CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs: 10

CVE-2021-24385 | Critical | Patched in 4.7.4
CVE-2021-24385 FileBird – WordPress Media Library Folders & File Manager SQL Injection

Filebird 4.7.3 - Unauthenticated SQL Injection

CVE-2025-6986 | Medium | Patched in 6.4.9
CVE-2025-6986 FileBird – WordPress Media Library Folders & File Manager SQL Injection

FileBird – WordPress Media Library Folders & File Manager <= 6.4.8 - Authenticated (Author+) SQL Injection

CVE-2024-2345 | Medium | Patched in 5.6.4
CVE-2024-2345 FileBird – WordPress Media Library Folders & File Manager Stored Cross-Site Scripting

FileBird – WordPress Media Library Folders & File Manager <= 5.6.3 - Authenticated (Author+) Stored Cross-Site Scripting

CVE-2024-0691 | Medium | Patched in 5.6.1
CVE-2024-0691 FileBird – WordPress Media Library Folders & File Manager Stored Cross-Site Scripting

FileBird <= 5.6.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Folder Import

CVE-2024-2346 | Medium | Patched in 5.6.4
CVE-2024-2346 FileBird – WordPress Media Library Folders & File Manager File Upload

FileBird – WordPress Media Library Folders & File Manager <= 5.6.3 - Authenticated (Author+) Insecure Direct Object Reference

CVE-2023-25966 | Medium | Patched in 5.1.5
CVE-2023-25966 FileBird – WordPress Media Library Folders & File Manager Vulnerability

Filebird <= 5.1.4 - Missing Authorization via resAdminPermissionsCheck

CVE-2025-12900 | Medium | Patched in 6.5.2
CVE-2025-12900 FileBird – WordPress Media Library Folders & File Manager Vulnerability

FileBird – WordPress Media Library Folders & File Manager <= 6.5.1 - Missing Authorization to Authenticated (Author+) Global Folders Tampering

CVE-2025-11510 | Medium | Patched in 6.5.0
CVE-2025-11510 FileBird – WordPress Media Library Folders & File Manager Vulnerability

FileBird <= 6.4.9 - Improper Authorization to Authenticated (Author+) Settings Reset

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for FileBird – WordPress Media Library Folders & File Manager so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility: 10 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix: 1 critical and 0 high severity findings.
Recent CVEs: CVE-2025-12900, CVE-2025-11510 and CVE-2025-6986
Reference Workflow: Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Known Vulnerabilities

Reports for FileBird – WordPress Media Library Folders & File Manager

Sorted by latest disclosure date so newly published issues surface first.

Plugin | Medium | Patched: Yes | CVE-2025-12900
CVE-2025-12900: FileBird – WordPress Media Library Folders & File Manager <= 6.5.1 - Missing Authorization to Authenticated (Author+) Global Folders Tampering

The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to missing authorization in all versions up to, and including, 6.5.1 via the "ConvertController::insertToNewTable" function due to missing validation on a user controlled key. This ma...

Published: Dec 15, 2025
Patched Release: 6.5.2
Affected Versions: Versions up to 6.5.1
Next Step: Update to 6.5.2 or newer if supported.

Plugin | Medium | Patched: Yes | CVE-2025-11510
CVE-2025-11510: FileBird <= 6.4.9 - Improper Authorization to Authenticated (Author+) Settings Reset

The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /filebird/v1/fb-wipe-clear-all-data function in all versions up to, and including, 6.4.9. This makes it p...

Published: Oct 17, 2025
Patched Release: 6.5.0
Affected Versions: Versions up to 6.4.9
Next Step: Update to 6.5.0 or newer if supported.

Plugin | Medium | Patched: Yes | CVE-2025-6986
CVE-2025-6986: FileBird – WordPress Media Library Folders & File Manager <= 6.4.8 - Authenticated (Author+) SQL Injection

The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in all versions up to, and including, 6.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation...

Published: Aug 05, 2025
Patched Release: 6.4.9
Affected Versions: Versions up to 6.4.8
Next Step: Update to 6.4.9 or newer if supported.

Plugin | Medium | Patched: Yes | CVE-2025-26977
CVE-2025-26977: Filebird <= 6.4.2.1 - Authenticated (Author+) Insecure Direct Object Reference

The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.2.1 due to missing validation on a user controlled key. This makes it possible for authenticated attacker...

Published: Feb 23, 2025
Patched Release: 6.4.6
Affected Versions: Versions up to 6.4.2.1
Next Step: Update to 6.4.6 or newer if supported.

Plugin | Medium | Patched: Yes | CVE-2024-53825
CVE-2024-53825: Filebird <= 6.3.2 - Missing Authorization

The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 6.3.2. This makes it possible for authenticated attackers, with Author-lev...

Published: Dec 02, 2024
Patched Release: 6.3.4
Affected Versions: Versions up to 6.3.2
Next Step: Update to 6.3.4 or newer if supported.

Plugin | Medium | Patched: Yes | CVE-2024-2345
CVE-2024-2345: FileBird – WordPress Media Library Folders & File Manager <= 5.6.3 - Authenticated (Author+) Stored Cross-Site Scripting

The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the folder name parameter in all versions up to, and including, 5.6.3 due to insufficient input sanitization and output escaping. This makes it poss...

Published: Apr 16, 2024
Patched Release: 5.6.4
Affected Versions: Versions up to 5.6.3
Next Step: Update to 5.6.4 or newer if supported.

Plugin | Medium | Patched: Yes | CVE-2024-2346
CVE-2024-2346: FileBird – WordPress Media Library Folders & File Manager <= 5.6.3 - Authenticated (Author+) Insecure Direct Object Reference

The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.6.3 via folder deletion due to missing validation on a user controlled key. This makes it possible for auth...

Published: Apr 16, 2024
Patched Release: 5.6.4
Affected Versions: Versions up to 5.6.3
Next Step: Update to 5.6.4 or newer if supported.

Plugin | Medium | Patched: Yes | CVE-2024-0691
CVE-2024-0691: FileBird <= 5.6.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Folder Import

The FileBird plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported folder titles in all versions up to, and including, 5.5.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrat...

Published: Jan 19, 2024
Patched Release: 5.6.1
Affected Versions: Versions up to 5.6.0
Next Step: Update to 5.6.1 or newer if supported.

Plugin | Medium | Patched: Yes | CVE-2023-25966
CVE-2023-25966: Filebird <= 5.1.4 - Missing Authorization via resAdminPermissionsCheck

The Filebird plugin for WordPress is vulnerable to unauthorized SPI key generation due to a missing capability check on the resAdminPermissionsCheck callback function in versions up to, and including, 5.1.4. This makes it possible for authenticated attackers with author-...

Published: Mar 27, 2023
Patched Release: 5.1.5
Affected Versions: Versions up to 5.1.4
Next Step: Update to 5.1.5 or newer if supported.

Plugin | Critical | Patched: Yes | CVE-2021-24385
CVE-2021-24385: Filebird 4.7.3 - Unauthenticated SQL Injection

The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from an HTTP POST request. This is a major vulnerability as the user input is not escaped and passed directly to the get_col function and it allows SQL i...

Published: Jun 16, 2021
Patched Release: 4.7.4
Affected Versions: 4.7.3
Next Step: Update to 4.7.4 or newer if supported.