WordPress · Filebird – Wordpress Media Library Folders & File Manager · CVE-2025-11510
**Name of the Vulnerable Software and Affected Versions**
FileBird – WordPress Media Library Folders & File Manager plugin versions prior to 6.4.9
**Description**
The FileBird plugin for WordPress is susceptible to unauthorized data modification. A missing capability check on the `/filebird/v1/fb-wipe-clear-all-data` API endpoint allows authenticated attackers with author-level access or higher to reset all of the plugin’s configuration data. The vulnerable function is `fb-wipe-clear-all-data`.
**Recommendations**
Update the FileBird – WordPress Media Library Folders & File Manager plugin to a version later than 6.4.9.