CVE-2025-12900
📋 TL;DR
This vulnerability allows authenticated WordPress users with author-level permissions or higher to create global folders and reassign arbitrary media attachments to those folders. It affects all versions of the FileBird plugin up to and including 6.5.1. The issue stems from missing authorization checks in the ConvertController::insertToNewTable function.
💻 Affected Systems
- FileBird – WordPress Media Library Folders & File Manager
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Malicious authors could reorganize the entire media library, disrupting site content structure and potentially making legitimate media inaccessible.
Likely Case
Author-level users could create unauthorized folder structures and move media files, causing content management confusion and minor operational disruption.
If Mitigated
With proper user access controls and monitoring, impact is limited to potential minor content organization issues.
🎯 Exploit Status
Exploitation requires authenticated access with author privileges or higher. The vulnerability is in a specific controller function with missing authorization checks.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 6.5.2 or later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3411587
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find FileBird plugin. 4. Click 'Update Now' if available, or manually update to version 6.5.2+. 5. Verify plugin is active and functioning.
🔧 Temporary Workarounds
Temporary Plugin Deactivation
allDisable the FileBird plugin until patched to prevent exploitation.
wp plugin deactivate filebird
Restrict Author Permissions
allTemporarily downgrade author-level users to contributor or lower roles.
wp user update <user_id> --role=contributor
🧯 If You Can't Patch
- Remove author-level permissions from untrusted users
- Implement additional media library access monitoring
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → FileBird → Version. If version is 6.5.1 or lower, you are vulnerable.Check Version:
wp plugin get filebird --field=versionVerify Fix Applied:
Verify FileBird plugin version is 6.5.2 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- Unusual folder creation events in WordPress logs
- Multiple media attachment reassignments by author-level users
Network Indicators:
- POST requests to /wp-admin/admin-ajax.php with action=fbv_insert_to_new_table
SIEM Query:
source="wordpress.log" AND "fbv_insert_to_new_table" AND user_role="author"