WordPress Plugin Vulnerabilities

FileBird < 6.5.0 - Author+ Settings Reset

Description

The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the /filebird/v1/fb-wipe-clear-all-data function. This makes it possible for authenticated attackers, with author-level access and above, to reset all of the plugin's configuration data.

Affects Plugins

Plugin icon
filebird
Fixed in 6.5.0

References

CVE
CVE-2025-11510
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/60ed7738-5cba-4fc0-9178-265773555369

Classification

Type
INCORRECT AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-863
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
fuchong jun
Verified
No
WPVDB ID
a0fa0dd3-5a83-4616-89b2-4bd4521848ca

Timeline

Publicly Published
2025-10-17 (about 5 months ago)
Added
2025-10-21 (about 5 months ago)
Last Updated
2025-10-21 (about 5 months ago)

Other

Published
Title
Published
2024-04-05
Title
PostX – Gutenberg Blocks for Post Grid < 3.2.4 - Incorrect Authorization
Published
2025-08-14
Title
Kadence WooCommerce Email Designer < 1.5.17 - Shop Manager+ Arbitrary Options Update
Published
2022-09-29
Title
Accordions < 2.1.0 - Authenticated Arbitrary Options Update
Published
2022-08-15
Title
Visual Portfolio < 2.19.0 - Contributor+ CSS Injection
Published
2025-10-24
Title
ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution < 4.8.5 - Incorrect Authorization to Authenticated (Editor+) License Status Update