{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-11510", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-10-08T15:06:17.946Z", "datePublished": "2025-10-18T06:42:47.037Z", "dateUpdated": "2026-04-08T16:56:42.001Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:56:42.001Z"}, "affected": [{"vendor": "ninjateam", "product": "FileBird \u2013 WordPress Media Library Folders & File Manager", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "6.4.9", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The FileBird \u2013 WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /filebird/v1/fb-wipe-clear-all-data function in all versions up to, and including, 6.4.9. This makes it possible for authenticated attackers, with author-level access and above, to reset all of the plugin's configuration data."}], "title": "FileBird <= 6.4.9 - Improper Authorization to Authenticated (Author+) Settings Reset", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/60ed7738-5cba-4fc0-9178-265773555369?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3379856/filebird/trunk/includes/Classes/Convert.php"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-285 Improper Authorization", "cweId": "CWE-285", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "kai"}], "timeline": [{"time": "2025-10-08T15:21:55.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-10-17T18:24:12.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-20T19:01:50.915963Z", "id": "CVE-2025-11510", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-20T19:02:03.165Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-11510", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-20T19:01:50.915963Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-20T19:01:59.047Z"}}], "cna": {"title": "FileBird <= 6.4.9 - Improper Authorization to Authenticated (Author+) Settings Reset", "credits": [{"lang": "en", "type": "finder", "value": "fuchong jun"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "ninjateam", "product": "FileBird \u2013 WordPress Media Library Folders & File Manager", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "6.4.9"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-10-08T15:21:55.000+00:00", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-10-17T18:24:12.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/60ed7738-5cba-4fc0-9178-265773555369?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3379856/filebird/trunk/includes/Classes/Convert.php"}], "descriptions": [{"lang": "en", "value": "The FileBird \u2013 WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /filebird/v1/fb-wipe-clear-all-data function in all versions up to, and including, 6.4.9. This makes it possible for authenticated attackers, with author-level access and above, to reset all of the plugin's configuration data."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-285", "description": "CWE-285 Improper Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-10-18T06:42:47.037Z"}}}, "cveMetadata": {"cveId": "CVE-2025-11510", "state": "PUBLISHED", "dateUpdated": "2025-10-20T19:02:03.165Z", "dateReserved": "2025-10-08T15:06:17.946Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-10-18T06:42:47.037Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The FileBird \u2013 WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /filebird/v1/fb-wipe-clear-all-data function in all versions up to, and including, 6.4.9. This makes it possible for authenticated attackers, with author-level access and above, to reset all of the plugin's configuration data."}], "id": "CVE-2025-11510", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-10-18T07:15:35.190", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3379856/filebird/trunk/includes/Classes/Convert.php"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/60ed7738-5cba-4fc0-9178-265773555369?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-285"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T12:42:54.480322+00:00", "value": {"mitigation_remediation": ["Upgrade FileBird to version 6.5.0 or later, when the missing capability check has been corrected.", "If an immediate upgrade is not possible, block or restrict access to the /filebird/v1/fb-wipe-clear-all-data REST endpoint using an application firewall rule or a security plugin that prevents execution of unverified endpoints.", "Review role definitions in WordPress and remove or limit the ability of author or higher roles to access plugin configuration pages."], "summary": {"action": "Apply patch", "impact": "Unauthorized configuration reset"}, "threat_synthesis": {"affected_systems": "Any WordPress installation using FileBird version 6.4.9 or earlier, provided users have author role or higher permissions in the site. The vulnerability affects the FileBird \u2013 WordPress Media Library Folders & File Manager plugin from ninjateam.", "description_and_impact": "The FileBird WordPress Media Library plugin contains a missing capability check on the REST endpoint /filebird/v1/fb-wipe-clear-all-data. An authenticated user with author or higher privileges can invoke this endpoint to wipe and reset all plugin configuration data, effectively erasing the organization of media folders and settings. This is an unauthorized modification flaw, classified as CWE-285, that compromises integrity of plugin data but does not grant arbitrary code execution or direct visibility of sensitive site content.", "risk_and_exploitability": "The vulnerability scores a CVSS of 4.3, indicating a medium impact. The EPSS score of less than 1% suggests that exploit attempts are relatively rare. It is not listed in CISA KEV catalogs. The attack requires authenticated author-level access to the site, making it a local privilege escalation within the WordPress administrative context. Due to the low exploitation probability but moderate severity, organizations should consider mitigations promptly."}}}}, "created": "2025-10-20T13:21:30.250162+00:00", "updated": "2026-04-22T12:45:17.030405+00:00", "vendors": ["ninjateam", "ninjateam$PRODUCT$filebird", "wordpress", "wordpress$PRODUCT$wordpress"]}