CVE-2025-11510: CWE-285 Improper Authorization in ninjateam FileBird – WordPress Media Library Folders & File Manager

Severity: Medium
Tags: Vulnerability, CVE-2025-11510, CWE-285
Published: Sat Oct 18 2025 (10/18/2025, 06:42:47 UTC)
Source: CVE Database V5
Vendor/Project: ninjateam
Product: FileBird – WordPress Media Library Folders & File Manager

Description

The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /filebird/v1/fb-wipe-clear-all-data function in all versions up to, and including, 6.4.9. This makes it possible for authenticated attackers, with author-level access and above, to reset all of the plugin's configuration data.

AI-Powered Analysis

Last updated: 10/25/2025, 09:54:21 UTC

Technical Analysis

CVE-2025-11510 is an improper authorization vulnerability (CWE-285) in the FileBird – WordPress Media Library Folders & File Manager plugin by ninjateam. The REST API endpoint /filebird/v1/fb-wipe-clear-all-data performs no capability check before resetting all of the plugin's configuration data, so any request that reaches the handler is honoured regardless of the caller's role. All versions up to and including 6.4.9 are affected.

Exploitation requires an authenticated account with the Author role or higher, but no further user interaction: the attacker sends a request to the endpoint and the plugin wipes its settings. A WordPress REST request still has to carry a valid session cookie plus an X-WP-Nonce header (or use an application password), so unauthenticated visitors cannot reach the handler; what is missing is the authorization decision that normally lives in the route's permission_callback, which should test a capability rather than mere login state.

The direct effect is loss of the plugin's configuration, which disrupts the folder organization of the media library. The vulnerability does not expose sensitive data or take the site down, but unauthorized modification of configuration is an integrity problem and can cause operational issues where the plugin is central to site workflows. The CVSS v3.1 base score is 4.3 (Medium), consistent with an integrity-only impact reachable by a low-privilege authenticated user, with no direct confidentiality or availability impact. No patch or public exploit was known at the time of this analysis; operators should nonetheless move to a fixed release as soon as one is available and restrict access to the endpoint in the meantime. The issue is a reminder that WordPress REST routes need an explicit capability check, not merely authentication, especially when they manage site-wide state.
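The defect class described above, as an added illustration that is not FileBird's code and does not reproduce its internals: a WordPress REST route whose permission_callback only checks that the caller is logged in, next to the same route authorized against a capability. The namespace `example/v1`, the routes, the handler and the option name `example_plugin_settings` are hypothetical.

```php
<?php
// Added illustration of CWE-285 in a WordPress REST route (not FileBird's code).
// Namespace, routes, handler and option name are hypothetical.

// Handler that performs a destructive, site-wide action.
function example_wipe_handler( WP_REST_Request $request ) {
    delete_option( 'example_plugin_settings' ); // hypothetical option
    return rest_ensure_response( array( 'reset' => true ) );
}

add_action( 'rest_api_init', function () {
    // VULNERABLE PATTERN: every logged-in user, Author included, passes this
    // check. The REST nonce the caller must present only proves the request
    // came from that user's own session; it says nothing about their role.
    // A permission_callback of '__return_true' would be worse still, because
    // the route would then be reachable without any account at all.
    register_rest_route( 'example/v1', '/wipe-vulnerable', array(
        'methods'             => 'POST',
        'callback'            => 'example_wipe_handler',
        'permission_callback' => 'is_user_logged_in',
    ) );

    // HARDENED: authorize against a capability that only administrators hold.
    // Returning WP_Error (rather than false) lets WordPress answer with the
    // right status: 401 for anonymous callers, 403 for authenticated ones.
    register_rest_route( 'example/v1', '/wipe', array(
        'methods'             => 'POST',
        'callback'            => 'example_wipe_handler',
        'permission_callback' => function () {
            if ( current_user_can( 'manage_options' ) ) {
                return true;
            }
            return new WP_Error(
                'rest_forbidden',
                __( 'Sorry, you are not allowed to do that.' ),
                array( 'status' => rest_authorization_required_code() )
            );
        },
    ) );
} );
```

The capability to test depends on the action; `manage_options` is the conventional choice for settings-level operations, while a per-object action would use the matching `edit_post`-style meta capability instead.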

Potential Impact

For European organizations, this vulnerability is primarily a risk to the integrity of WordPress media-management configuration. Sites that rely on FileBird to organize media assets may lose their custom folder structures if an attacker resets the plugin's settings. This does not compromise confidentiality or take the site offline, but the operational cost can be significant for content-heavy websites, digital agencies and e-commerce platforms that depend on efficient media management. A configuration reset could also be combined with other weaknesses as part of a larger attack. Organizations with many Authors or Contributors on a WordPress site are at higher risk, since an Author account is sufficient for exploitation. The medium CVSS score reflects a moderate threat level, but the potential for business disruption and reputational damage should not be underestimated.

Mitigation Recommendations

To mitigate this vulnerability, organizations should take the following measures:
1) Restrict Author-level and higher accounts to trusted users and remove stale accounts; an Author account is all an attacker needs.
2) Monitor and audit REST API calls, in particular requests to /wp-json/filebird/v1/fb-wipe-clear-all-data (or the ?rest_route=/filebird/v1/fb-wipe-clear-all-data form on sites without pretty permalinks), and alert on any call not made by an administrator.
3) Add a Web Application Firewall (WAF) rule for that endpoint. A WAF cannot see the WordPress role behind a session, so the practical rule is to block the path outright and lift the block only during planned maintenance.
4) Until a fixed release is installed, enforce a capability check on the route yourself, for example from a must-use plugin hooked into the REST dispatch, or disable the endpoint.
5) Educate site administrators and content authors about privilege misuse and enforce strict user role management.
6) Apply the vendor's fixed release as soon as it is available.
7) Review the REST routes of other installed plugins for the same class of bug: permission callbacks that only check authentication, or none at all.
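Measures 2 and 4 above can be implemented together in a small must-use plugin, shown here as an added example that is not part of the advisory and not FileBird's code. It hooks the `rest_request_before_callbacks` filter, which WordPress core runs after a request has been matched to a registered route and before the route's callbacks execute, logs every call to the endpoint, and refuses the call unless the user holds `manage_options`. The route is matched on the fragment `fb-wipe-clear-all-data` taken from the advisory; the exact registered route string and HTTP method are assumptions, as is the choice of `manage_options` as the required capability.

```php
<?php
/**
 * Plugin Name: FileBird wipe-endpoint guard (added example, not FileBird's code)
 * Description: Requires manage_options for any REST request whose route contains
 * the wipe endpoint named in CVE-2025-11510 and logs every attempt.
 * Install by copying into wp-content/mu-plugins/ so it loads before regular plugins.
 */

// Route fragment taken from the advisory. The full registered route and its
// HTTP method are assumptions; verify against the plugin's register_rest_route call.
const FB_GUARD_ROUTE_FRAGMENT = 'fb-wipe-clear-all-data';
const FB_GUARD_CAPABILITY     = 'manage_options'; // assumed appropriate capability

function fb_guard_matches( WP_REST_Request $request ) {
    return false !== strpos( $request->get_route(), FB_GUARD_ROUTE_FRAGMENT );
}

add_filter( 'rest_request_before_callbacks', function ( $response, $handler, $request ) {
    if ( ! ( $request instanceof WP_REST_Request ) || ! fb_guard_matches( $request ) ) {
        return $response; // not our endpoint: leave the request untouched
    }

    $allowed = current_user_can( FB_GUARD_CAPABILITY );

    // Measure 2: write an audit line for every call, allowed or not, so that
    // attempts show up in the PHP error log (or wherever error_log is routed).
    error_log( sprintf(
        '[fb-guard] %s %s user=%d ip=%s allowed=%s',
        $request->get_method(),
        $request->get_route(),
        get_current_user_id(),
        isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown',
        $allowed ? 'yes' : 'no'
    ) );

    if ( $allowed ) {
        return $response; // administrators may proceed to the plugin's own callback
    }

    // Measure 4: returning WP_Error from this filter makes WP_REST_Server skip
    // the route's permission and main callbacks and send the error instead.
    // rest_authorization_required_code() yields 401 for anonymous callers and
    // 403 for authenticated users who lack the capability.
    return new WP_Error(
        'fb_guard_forbidden',
        __( 'You are not allowed to reset FileBird data.' ),
        array( 'status' => rest_authorization_required_code() )
    );
}, 10, 3 );
```

Because this runs as a must-use plugin it cannot be deactivated from the dashboard, and it keeps working after the vendor ships a fix; remove it once the site is on a patched release and the log shows no more unexpected calls.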

Technical Details

Data Version: 5.1
Assigner Short Name: Wordfence
Date Reserved: 2025-10-08T15:06:17.946Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68f33944197c8629076f80d3

Added to database: 10/18/2025, 6:52:52 AM

Last enriched: 10/25/2025, 9:54:21 AM

Last updated: 12/4/2025, 5:21:28 AM
