| CVE-2026-1104 | FastDup – Fastest WordPress Migration & Duplicator <= 2.7.1 - Missing Authorization to Authenticated (Contributor+) Backup Creation and Download | ninjateam | FastDup – Fastest WordPress Migration & Duplicator | High | 8.8 | 2026-02-12 14:25:41 | Deep Dive |
| CVE-2025-14001 | WP Duplicate Page <= 1.8 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Duplication | ninjateam | WP Duplicate Page | Medium | 5.4 | 2026-01-13 11:21:20 | Deep Dive |
| CVE-2026-0604 | FastDup <= 2.7 - Authenticated (Contributor+) Path Traversal via 'dir_path' REST Parameter | ninjateam | FastDup – Fastest WordPress Migration & Duplicator | Medium | 6.5 | 2026-01-06 03:21:39 | Deep Dive |
| CVE-2025-66134 | WordPress FileBird Pro plugin <= 6.5.1 - Broken Access Control vulnerability | NinjaTeam | FileBird Pro | Medium | 5.4 | 2025-12-16 08:12:55 | Deep Dive |
| CVE-2025-12900 | FileBird – WordPress Media Library Folders & File Manager <= 6.5.1 - Missing Authorization to Authenticated (Author+) Global Folders Tampering | ninjateam | FileBird – WordPress Media Library Folders & File Manager | Medium | 4.3 | 2025-12-15 14:25:11 | Deep Dive |
| CVE-2025-12481 | WP Duplicate Page <= 1.7 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure | ninjateam | WP Duplicate Page | Medium | 4.3 | 2025-11-18 09:27:38 | Deep Dive |
| CVE-2025-11510 | FileBird <= 6.4.9 - Improper Authorization to Authenticated (Author+) Settings Reset | ninjateam | FileBird – WordPress Media Library Folders & File Manager | Medium | 4.3 | 2025-10-18 06:42:47 | Deep Dive |
| CVE-2025-0818 | Multiple elFinder Plugins <= (Various Versions) - Directory Traversal to Arbitrary File Deletion | ninjateam | File Manager Pro – Filester | Medium | 6.5 | 2025-08-13 03:42:05 | Deep Dive |
| CVE-2025-6986 | FileBird – WordPress Media Library Folders & File Manager <= 6.4.8 - Authenticated (Author+) SQL Injection | ninjateam | FileBird – WordPress Media Library Folders & File Manager | Medium | 6.5 | 2025-08-06 01:45:13 | Deep Dive |
| CVE-2025-3234 | File Manager Pro – Filester <= 1.8.8 - Authenticated (Administrator+) Arbitrary File Upload | ninjateam | File Manager Pro – Filester | High | 7.2 | 2025-06-14 05:32:01 | Deep Dive |
| CVE-2025-5236 | NinjaTeam Chat for Telegram <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via username Parameter | ninjateam | WP Telegram Chat Widget | Medium | 6.4 | 2025-05-30 07:23:41 | Deep Dive |
| CVE-2025-1672 | Notibar <= 2.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting | ninjateam | Notibar – Notification Bar for WordPress | Medium | 5.5 | 2025-03-06 09:21:20 | Deep Dive |
| CVE-2024-11885 | NinjaTeam Chat for Telegram <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | ninjateam | WP Telegram Chat Widget | Medium | 6.4 | 2024-12-24 05:23:43 | Deep Dive |
| CVE-2024-12331 | File Manager Pro – Filester <= 1.8.6 - Missing Authorization to Authenticated (Subscriber+) Filebird Plugin Installation | ninjateam | File Manager Pro – Filester | Medium | 4.3 | 2024-12-19 11:14:15 | Deep Dive |
| CVE-2024-11012 | Notibar – Notification Bar for WordPress <= 2.1.4 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via njt_nofi_text | ninjateam | Notibar – Notification Bar for WordPress | Medium | 6.3 | 2024-12-13 09:27:28 | Deep Dive |
| CVE-2024-9669 | File Manager Pro – Filester <= 1.8.5 - Authenticated (Administrator+) Local JavaScript File Inclusion | ninjateam | File Manager Pro – Filester | High | 7.2 | 2024-11-28 08:47:32 | Deep Dive |
| CVE-2024-8066 | File Manager Pro – Filester <= 1.8.6- Authenticated (Subscriber+) Arbitrary File Upload | ninjateam | File Manager Pro – Filester | High | 7.5 | 2024-11-28 08:47:31 | Deep Dive |
| CVE-2024-10533 | WP Chat App <= 3.6.8 - Missing Authorization to Authenticated (Subscriber+) Filebird Plugin Installation | ninjateam | WP Chat App | Medium | 4.3 | 2024-11-16 03:29:17 | Deep Dive |
| CVE-2024-10055 | Click to Chat – WP Support All-in-One Floating Widget <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsaio_snapchat Shortcode | ninjateam | WP Click to Chat – Email, Live Chat, Call & Book Now Buttons | Medium | 6.4 | 2024-10-18 07:35:26 | Deep Dive |
| CVE-2024-6617 | NinjaTeam Header Footer Custom Code <= 1.2 - Admin+ Stored XSS via CSS Styles | Unknown | NinjaTeam Header Footer Custom Code | - | - | 2024-09-13 06:00:03 | Deep Dive |