CVE-2024-2346

Name of the Vulnerable Software and Affected Versions The FileBird – WordPress Media Library Folders & File Manager plugin versions up to, and including, 5.6.3

Description The issue allows authenticated attackers with author access or higher to delete folders created by other users, making their file uploads visible due to missing validation on a user-controlled key. This is related to Insecure Direct Object Reference via folder deletion.

Recommendations For versions up to, and including, 5.6.3, update to a version that includes the necessary validation to prevent unauthorized folder deletion. As a temporary workaround, consider restricting access to folder deletion functionality to minimize the risk of exploitation.