Insecure Direct Object Reference in FileBird Plugin for WordPress
CVE-2024-2346
5.4MEDIUM
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 2 May 2024
What is CVE-2024-2346?
The FileBird plugin for WordPress contains a vulnerability that allows authenticated users with author access or higher to exploit missing validation on a user-controlled key. This can lead to the deletion of folders created by other users, revealing file uploads and compromising the integrity of the media library. This flaw affects all versions up to and including 5.6.3, highlighting the need for immediate updates and security measures.
Affected Version(s)
FileBird – WordPress Media Library Folders & File Manager * <= 5.6.3