What is CVE-2021-24385?

CVE-2021-24385 is a SQL injection vulnerability in the Filebird Plugin version 4.7.3 for WordPress.

How does CVE-2021-24385 impact my website?

CVE-2021-24385 allows attackers to inject malicious SQL queries into your website, potentially leading to unauthorized access or data manipulation.

What is the severity of CVE-2021-24385?

The severity of CVE-2021-24385 is critical, with a severity rating of 9.8 out of 10.

Which software versions are affected by CVE-2021-24385?

The Filebird Plugin version 4.7.3 for WordPress is affected by CVE-2021-24385.

How can I fix the CVE-2021-24385 vulnerability?

To fix the CVE-2021-24385 vulnerability, you should update the Filebird Plugin to a version that has addressed the SQL injection issue.

Vulnerability/
CVE-2021-24385

critical

9.8

CWE

12/7/2021

3/8/2024

CVE-2021-24385: Filebird 4.7.3 - Unauthenticated SQL Injection

First published: Mon Jul 12 2021(Updated: )

The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from a HTTP post request. This is a major vulnerability as the user input is not escaped and passed directly to the get_col function and it allows SQL injection. The Rest API endpoint which invokes this function also does not have any required permissions/authentication and can be accessed by an anonymous user.

Credit: contact@wpscan.com

Affected Software	Affected Version	How to fix
Ninja Team Filebird	=4.7.3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-24385?
CVE-2021-24385 is a SQL injection vulnerability in the Filebird Plugin version 4.7.3 for WordPress.
How does CVE-2021-24385 impact my website?
CVE-2021-24385 allows attackers to inject malicious SQL queries into your website, potentially leading to unauthorized access or data manipulation.
What is the severity of CVE-2021-24385?
The severity of CVE-2021-24385 is critical, with a severity rating of 9.8 out of 10.
Which software versions are affected by CVE-2021-24385?
The Filebird Plugin version 4.7.3 for WordPress is affected by CVE-2021-24385.
How can I fix the CVE-2021-24385 vulnerability?
To fix the CVE-2021-24385 vulnerability, you should update the Filebird Plugin to a version that has addressed the SQL injection issue.

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/title
agent/author
agent/severity
agent/last-modified-date
agent/event
agent/first-publish-date
agent/description
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ninjateam
canonical/ninja team filebird
version/ninja team filebird/4.7.3

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.