cleantalk
Vulnerabilities and Security Researches

FileBird – WordPress Media Library Folders & File Manager, CVE-2021-24385

CVE, Research URL

CVE-2021-24385

Home page URL

Security reports for FileBird – WordPress Media Library Folders & File Manager

Application

FileBird – WordPress Media Library Folders & File Manager

Published on
Jul 13, 2021
Research Description
The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from a HTTP post request. This is a major vulnerability as the user input is not escaped and passed directly to the get_col function and it allows SQL injection. The Rest API endpoint which invokes this function also does not have any required permissions/authentication and can be accessed by an anonymous user.
Affected versions
Min -, max 4.7.4.
Status
vulnerable
Previous vulnerability researches
FileBird Document Library (CVE-2024-37504) , Jul 08, 2024
FileBird – WordPress Media Library Folders & File Manager (CVE-2024-53825) , Dec 08, 2024
FileBird – WordPress Media Library Folders & File Manager (CVE-2025-26977) , Feb 27, 2025
FileBird – WordPress Media Library Folders & File Manager (CVE-2025-6986) , Aug 07, 2025
FileBird – WordPress Media Library Folders & File Manager (CVE-2023-25966) , Jun 10, 2024
New vulnerability
Newsletters (CVE-2025-54034) , Aug 07, 2025
FileBird – WordPress Media Library Folders & File Manager (CVE-2025-6986) , Aug 07, 2025
HT Mega – Absolute Addons For Elementor (CVE-2025-54695) , Aug 07, 2025
DELUCKS SEO (CVE-2025-48165) , Aug 07, 2025
Gutenberg Blocks – PublishPress Blocks Gutenberg Editor Plugin (CVE-2025-48332) , Aug 06, 2025