The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /filebird/v1/fb-wipe-clear-all-data function in all versions up to, and including, 6.4.9. This makes it possible for authenticated attackers, with author-level access and above, to reset all of the plugin's configuration data.
Metrics
Affected Vendors & Products
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Sat, 18 Oct 2025 07:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /filebird/v1/fb-wipe-clear-all-data function in all versions up to, and including, 6.4.9. This makes it possible for authenticated attackers, with author-level access and above, to reset all of the plugin's configuration data. | |
Title | FileBird <= 6.4.9 - Improper Authorization to Authenticated (Author+) Settings Reset | |
Weaknesses | CWE-285 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2025-10-18T06:42:47.037Z
Reserved: 2025-10-08T15:06:17.946Z
Link: CVE-2025-11510

No data.

Status : Received
Published: 2025-10-18T07:15:35.190
Modified: 2025-10-18T07:15:35.190
Link: CVE-2025-11510

No data.

No data.