cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-2346,https://securityvulnerability.io/vulnerability/CVE-2024-2346,Insecure Direct Object Reference in FileBird Plugin for WordPress,"The FileBird plugin for WordPress contains a vulnerability that allows authenticated users with author access or higher to exploit missing validation on a user-controlled key. This can lead to the deletion of folders created by other users, revealing file uploads and compromising the integrity of the media library. This flaw affects all versions up to and including 5.6.3, highlighting the need for immediate updates and security measures.",Wordpress,Filebird – WordPress Media Library Folders & File Manager,5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-02T16:52:18.829Z,0
CVE-2024-2345,https://securityvulnerability.io/vulnerability/CVE-2024-2345,Stored Cross-Site Scripting Vulnerability in FileBird Plugin for WordPress,"The FileBird plugin for WordPress is susceptible to stored cross-site scripting due to insufficient input validation and output sanitization when handling the folder name parameter. This vulnerability enables authenticated attackers, who have author-level permissions or higher, to inject arbitrary scripts into folder names that execute whenever any user accesses a page with an injected folder name. This poses significant security risks, as it compromises the integrity of web pages viewed by users. It’s crucial for site administrators to update to secure versions and adopt best practices in input validation to mitigate risks associated with this vulnerability.",Wordpress,Filebird – WordPress Media Library Folders & File Manager,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-02T16:51:46.891Z,0
CVE-2024-0691,https://securityvulnerability.io/vulnerability/CVE-2024-0691,Stored Cross-Site Scripting Vulnerability in FileBird Plugin for WordPress,"The FileBird plugin for WordPress contains a vulnerability that allows authenticated attackers with administrator privileges to perform Stored Cross-Site Scripting (XSS) attacks. This exploit is made possible due to insufficient input sanitization and output escaping when importing folder titles. As a result, attackers can inject arbitrary scripts that may execute whenever a user accesses the compromised page, potentially leading to unauthorized actions or data exposure. Additionally, attackers might use social engineering tactics to trick an administrator into uploading a malicious folder import that could further exploit this vulnerability.",Wordpress,FileBird – WordPress Media Library Folders & File Manager,4.8,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2024-02-05T21:21:43.434Z,0