CVE-2024-35166

5.3 MEDIUM

📋 TL;DR

This vulnerability in the Filebird WordPress plugin allows unauthorized actors to access sensitive information. It affects all Filebird installations up to version 5.6.3, potentially exposing confidential data stored through the plugin.

💻 Affected Systems

Products:
  • Filebird WordPress Plugin
Versions: All versions up to and including 5.6.3
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all WordPress installations using vulnerable Filebird versions. No special configuration required for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could access sensitive media files, user data, or other confidential information stored via Filebird, leading to data breaches, privacy violations, or credential theft.

🟠 Likely Case

Unauthorized users accessing restricted media files or metadata that should be protected, potentially exposing business documents, user uploads, or configuration details.

🟢 If Mitigated

With proper access controls and network segmentation, impact would be limited to the specific exposed data rather than full system compromise.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Information exposure vulnerabilities typically have low exploitation complexity once the attack vector is identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.6.4 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/filebird/wordpress-filebird-wordpress-media-library-folders-file-manager-plugin-5-6-3-sensitive-data-exposure-vulnerability

Restart Required: No

Instructions:

1. Log into WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find Filebird and click 'Update Now'.
4. Verify update to version 5.6.4 or higher.

🔧 Temporary Workarounds

Disable Filebird Plugin (applies to: all)

Temporarily disable the vulnerable plugin until patching is possible:

wp plugin deactivate filebird

Restrict Access via .htaccess (applies to: linux)

Add access restrictions to Filebird directories. An .htaccess rule like the one below denies every direct HTTP request into the directory it is placed in, including the plugin's own static assets, so expect the plugin's admin UI to break while it is in place:

Order Deny,Allow
Deny from all
# On Apache 2.4 without mod_access_compat, use instead: Require all denied

🧯 If You Can't Patch

  • Implement strict access controls and network segmentation to limit exposure
  • Monitor for unusual access patterns to Filebird-related endpoints

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Filebird version. If the version is 5.6.3 or lower, the system is vulnerable.

Check Version:

wp plugin get filebird --field=version

Verify Fix Applied:

Verify Filebird plugin version is 5.6.4 or higher in WordPress admin panel.
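The version check above, as an added example that is not part of this advisory: it compares the installed Filebird version against the fixed release numerically rather than as text (a plain string comparison would wrongly rank 5.6.10 below 5.6.4). The WP-CLI command is the one given on this page; the WordPress install path is an assumption.

```python
"""Added example (not from the advisory): decide whether an installed Filebird
version falls in the affected range (all versions up to and including 5.6.3;
fixed in 5.6.4)."""
import re
import subprocess

FIXED_VERSION = "5.6.4"


def parse_version(text):
    """'5.6.3' -> (5, 6, 3). A trailing suffix such as '-beta1' is ignored
    (assumption: pre-release tags do not change the numeric ordering we need)."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable(version):
    """True when the given Filebird version is older than the fixed release.
    Tuple comparison is element-wise, so (5, 6, 10) > (5, 6, 4) as intended."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def installed_version(wp_path="/var/www/html"):
    """Read the plugin version with WP-CLI (command from the advisory).
    wp_path is an assumed install location; --path is WP-CLI's global option."""
    out = subprocess.run(
        ["wp", "plugin", "get", "filebird", "--field=version", f"--path={wp_path}"],
        capture_output=True, text=True, check=True,
    )
    return out.stdout.strip()


def verdict(version):
    """Short one-line result suitable for a fleet report."""
    if is_vulnerable(version):
        return f"filebird {version}: VULNERABLE to CVE-2024-35166, update to {FIXED_VERSION} or later"
    return f"filebird {version}: not affected"


if __name__ == "__main__":
    # On a live site: print(verdict(installed_version()))
    for v in ("5.6.3", "5.6.4", "5.6.10"):
        print(verdict(v))
```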

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to /wp-content/plugins/filebird/ endpoints
  • Multiple failed access attempts followed by successful sensitive data retrieval

Network Indicators:

  • HTTP requests to Filebird-specific endpoints from unauthorized IPs
  • Unusual traffic patterns to media library paths

SIEM Query:

source="web_server" AND (uri_path="/wp-content/plugins/filebird/*" OR user_agent CONTAINS "scanner")
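The log indicators listed above, run over web server access log lines, as an added example that is not part of this advisory. It parses Apache combined-format lines, flags requests under /wp-content/plugins/filebird/ and requests carrying a scanner-style User-Agent, and summarises the hits per client IP so repeated probing stands out. The sample log lines and the list of scanner markers are constructed for the demo.

```python
"""Added example (not from the advisory): apply the page's log indicators to
Apache combined-format access log lines and summarise hits per client IP."""
import re
from collections import Counter, defaultdict

# Apache "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

FILEBIRD_PREFIX = "/wp-content/plugins/filebird/"
# Constructed marker list; extend it with whatever your environment sees.
SCANNER_UA_MARKERS = ("scanner", "wpscan", "nikto", "sqlmap")

# Constructed sample log (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jun/2024:12:00:01 +0000] "GET /wp-content/plugins/filebird/readme.txt HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jun/2024:12:00:02 +0000] "GET /wp-content/plugins/filebird/assets/x.js HTTP/1.1" 403 0 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Jun/2024:12:00:03 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.33 - - [10/Jun/2024:12:00:04 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "WPScan v3.8"
192.0.2.33 - - [10/Jun/2024:12:00:05 +0000] "GET /wp-content/plugins/filebird/ HTTP/1.1" 200 300 "-" "WPScan v3.8"
"""


def parse_line(line):
    """Return the named fields of one log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(entry):
    """Names of the advisory's indicators that this entry matches."""
    hits = []
    if entry["path"].startswith(FILEBIRD_PREFIX):
        hits.append("filebird_endpoint")
    ua = entry["ua"].lower()
    if any(marker in ua for marker in SCANNER_UA_MARKERS):
        hits.append("scanner_user_agent")
    return hits


def scan_log(text):
    """Return {ip: {"hits": Counter, "requests": [(status, path), ...]}} for IPs
    with at least one indicator hit. Malformed lines are skipped, not fatal."""
    report = defaultdict(lambda: {"hits": Counter(), "requests": []})
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        hits = classify(entry)
        if not hits:
            continue
        rec = report[entry["ip"]]
        rec["hits"].update(hits)
        rec["requests"].append((entry["status"], entry["path"]))
    return dict(report)


def suspicious_ips(report, min_hits=2):
    """IPs worth escalating: any scanner UA, or repeated Filebird endpoint access."""
    return sorted(
        ip for ip, rec in report.items()
        if rec["hits"]["scanner_user_agent"] or rec["hits"]["filebird_endpoint"] >= min_hits
    )


if __name__ == "__main__":
    rep = scan_log(SAMPLE_LOG)
    for ip in suspicious_ips(rep):
        print(ip, dict(rep[ip]["hits"]), rep[ip]["requests"])
```

The per-IP summary is the useful output: a single hit on a Filebird path is normal traffic from the plugin's own admin pages, whereas a scanner User-Agent or a run of requests into the plugin directory from one address is what the indicator list above describes.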

🔗 References
