CVE-2024-0691 in FileBird Plugininfo

Summary

by MITRE • 02/06/2024

The FileBird plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported folder titles in all versions up to, and including, 5.5.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. It may also be possible to socially engineer an administrator into uploading a malicious folder import.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 04/12/2026

The FileBird plugin for WordPress represents a critical security vulnerability classified as CVE-2024-0691, which affects all versions up to and including 5.5.8.1. This vulnerability manifests as a stored cross-site scripting flaw that specifically targets imported folder titles within the plugin's functionality. The flaw arises from inadequate input sanitization mechanisms and insufficient output escaping procedures that fail to properly validate or sanitize user-supplied data before processing it within the application's backend systems. The vulnerability requires authenticated access with administrator privileges, making it particularly dangerous as it leverages the elevated permissions of trusted users within the WordPress environment.

The technical implementation of this vulnerability stems from the plugin's failure to adequately sanitize folder titles during the import process, creating a persistent XSS vector that allows attackers to inject malicious scripts into the plugin's data storage. When administrators or other users access pages containing these maliciously crafted folder titles, the injected scripts execute in their browsers, potentially enabling attackers to perform actions on behalf of victims, steal session cookies, or redirect users to malicious websites. This stored nature of the vulnerability means that the malicious code persists in the database and executes every time affected pages are loaded, making it particularly insidious and difficult to detect through routine security scanning.

The operational impact of CVE-2024-0691 extends beyond simple script execution, as it represents a significant threat to WordPress site integrity and user security. Attackers can leverage this vulnerability to establish persistent access to compromised sites, potentially escalating privileges, accessing sensitive data, or using the compromised system as a launching point for further attacks against connected systems. The vulnerability's potential for social engineering amplifies its danger, as attackers can manipulate administrators into uploading malicious folder import files, effectively bypassing technical defenses through human factors. This attack vector aligns with ATT&CK technique T1566.001 for social engineering and demonstrates how seemingly benign plugin functionality can become a critical attack surface.

Security mitigations for CVE-2024-0691 should prioritize immediate plugin updates to versions that address the sanitization and escaping deficiencies, with administrators implementing additional monitoring of folder import activities and user access logs. The vulnerability's classification under CWE-79 indicates that proper input validation and output escaping mechanisms are essential defensive measures, requiring developers to implement robust sanitization routines that strip or encode potentially dangerous characters before processing user input. Organizations should also consider implementing web application firewalls to detect and block suspicious script injection attempts, while establishing regular security audits of installed plugins to identify other potential vulnerabilities. The incident highlights the critical importance of maintaining up-to-date security practices and demonstrates how plugin developers must prioritize security in all aspects of their code implementation to prevent such persistent threats to web application integrity.

Responsible

Wordfence

Reservation

01/18/2024

Disclosure

02/06/2024

Moderation

accepted

CPE

ready

EPSS

0.00404

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!