CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-24385

The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from a HTTP post request. This is a major vulnerability as the user input is not escaped and passed directly to the get_col function and it allows SQL injection. The Rest API endpoint which invokes this function also does not have any required permissions/authentication and can be accessed by an anonymous user.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.09

EPSS Ranking 92.2%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://10up.com/blog/2021/security-vulnerability-filebird-wordpress-plugin/
https://wpscan.com/vulnerability/754ac750-0262-4f65-b23e-d5523995fbfa
https://10up.com/blog/2021/security-vulnerability-filebird-wordpress-plugin/
https://wpscan.com/vulnerability/754ac750-0262-4f65-b23e-d5523995fbfa

Products affected by CVE-2021-24385

Ninjateam » Filebird » Version: 4.7.3

cpe:2.3:a:ninjateam:filebird:4.7.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-24385

Products

Pricing

Contact Us