Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

NinjaTeam — Vulnerabilities & Security Advisories 30

Browse all 30 CVE security advisories affecting NinjaTeam. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by NinjaTeam:FileBird – WordPress Media Library Folders & File ManagerFile Manager Pro – FilesterWP Chat AppGDPR CCPA Compliance & Cookie Consent BannerWP Telegram Chat WidgetNotibar – Notification Bar for WordPressWP Duplicate PageFastDup – Fastest WordPress Migration & DuplicatorLive Chat with Facebook MessengerDatabase for Contact Form 7WP Click to Chat – Email, Live Chat, Call & Book Now ButtonsFileBird Pro
CVE IDTitleCVSSSeverityPublished
CVE-2026-1104 FastDup – Fastest WordPress Migration & Duplicator <= 2.7.1 - Missing Authorization to Authenticated (Contributor+) Backup Creation and Download — FastDup – Fastest WordPress Migration & DuplicatorCWE-862 8.8 High2026-02-12
CVE-2025-14001 WP Duplicate Page <= 1.8 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Duplication — WP Duplicate PageCWE-862 5.4 Medium2026-01-13
CVE-2026-0604 FastDup <= 2.7 - Authenticated (Contributor+) Path Traversal via 'dir_path' REST Parameter — FastDup – Fastest WordPress Migration & DuplicatorCWE-22 6.5 Medium2026-01-06
CVE-2025-66134 WordPress FileBird Pro plugin <= 6.5.1 - Broken Access Control vulnerability — FileBird ProCWE-862 5.4 Medium2025-12-16
CVE-2025-12900 FileBird – WordPress Media Library Folders & File Manager <= 6.5.1 - Missing Authorization to Authenticated (Author+) Global Folders Tampering — FileBird – WordPress Media Library Folders & File ManagerCWE-862 4.3 Medium2025-12-15
CVE-2025-12481 WP Duplicate Page <= 1.7 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure — WP Duplicate PageCWE-862 4.3 Medium2025-11-18
CVE-2025-11510 FileBird <= 6.4.9 - Improper Authorization to Authenticated (Author+) Settings Reset — FileBird – WordPress Media Library Folders & File ManagerCWE-285 4.3 Medium2025-10-18
CVE-2025-0818 Multiple elFinder Plugins <= (Various Versions) - Directory Traversal to Arbitrary File Deletion — File Manager Pro – FilesterCWE-22 6.5 Medium2025-08-13
CVE-2025-6986 FileBird – WordPress Media Library Folders & File Manager <= 6.4.8 - Authenticated (Author+) SQL Injection — FileBird – WordPress Media Library Folders & File ManagerCWE-89 6.5 Medium2025-08-06
CVE-2025-3234 File Manager Pro – Filester <= 1.8.8 - Authenticated (Administrator+) Arbitrary File Upload — File Manager Pro – FilesterCWE-434 7.2 High2025-06-14
CVE-2025-5236 NinjaTeam Chat for Telegram <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via username Parameter — WP Telegram Chat WidgetCWE-79 6.4 Medium2025-05-30
CVE-2025-1672 Notibar <= 2.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting — Notibar – Notification Bar for WordPressCWE-79 5.5 Medium2025-03-06
CVE-2024-11885 NinjaTeam Chat for Telegram <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — WP Telegram Chat WidgetCWE-79 6.4 Medium2024-12-24
CVE-2024-12331 File Manager Pro – Filester <= 1.8.6 - Missing Authorization to Authenticated (Subscriber+) Filebird Plugin Installation — File Manager Pro – FilesterCWE-862 4.3 Medium2024-12-19
CVE-2024-11012 Notibar – Notification Bar for WordPress <= 2.1.4 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via njt_nofi_text — Notibar – Notification Bar for WordPressCWE-94 6.3 Medium2024-12-13
CVE-2024-9669 File Manager Pro – Filester <= 1.8.5 - Authenticated (Administrator+) Local JavaScript File Inclusion — File Manager Pro – FilesterCWE-22 7.2 High2024-11-28
CVE-2024-8066 File Manager Pro – Filester <= 1.8.6- Authenticated (Subscriber+) Arbitrary File Upload — File Manager Pro – FilesterCWE-434 7.5 High2024-11-28
CVE-2024-10533 WP Chat App <= 3.6.8 - Missing Authorization to Authenticated (Subscriber+) Filebird Plugin Installation — WP Chat AppCWE-862 4.3 Medium2024-11-16
CVE-2024-10055 Click to Chat – WP Support All-in-One Floating Widget <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsaio_snapchat Shortcode — WP Click to Chat – Email, Live Chat, Call & Book Now ButtonsCWE-79 6.4 Medium2024-10-18
CVE-2024-7031 File Manager Pro – Filester <= 1.8.2 - Authenticated Plugin Settings Update — File Manager Pro – FilesterCWE-862 7.5 High2024-08-03
CVE-2024-5607 GDPR CCPA Compliance & Cookie Consent Banner <= 2.7.0 - Missing Authorization to Settings Update and Stored Cross-Site Scripting — GDPR CCPA Compliance & Cookie Consent BannerCWE-862 5.4 Medium2024-06-07
CVE-2024-2346 FileBird – WordPress Media Library Folders & File Manager <= 5.6.3 - Authenticated (Author+) Insecure Direct Object Reference — FileBird – WordPress Media Library Folders & File ManagerCWE-639 5.4 Medium2024-05-02
CVE-2024-2345 FileBird – WordPress Media Library Folders & File Manager <= 5.6.3 - Authenticated (Author+) Stored Cross-Site Scripting — FileBird – WordPress Media Library Folders & File ManagerCWE-79 6.4 Medium2024-05-02
CVE-2024-2513 WP Chat App <= 3.6.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Block Image Attribute — WP Chat AppCWE-20 6.4 Medium2024-04-09
CVE-2024-29103 WordPress Database for Contact Form 7 plugin <= 3.0.6 - Unauthenticated Cross Site Scripting (XSS) vulnerability — Database for Contact Form 7CWE-79 7.1 High2024-03-19
CVE-2024-1761 WP Chat App <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes — WP Chat AppCWE-79 6.4 Medium2024-03-07
CVE-2023-51370 WordPress WP Chat App Plugin <= 3.4.4 is vulnerable to Cross Site Scripting (XSS) — WP Chat AppCWE-79 5.9 Medium2024-02-12
CVE-2024-0691 FileBird <= 5.6.0 - Authenticated(Administrator+) Stored Cross-Site Scripting via Folder Import — FileBird – WordPress Media Library Folders & File ManagerCWE-79 5.5 Medium2024-02-05
CVE-2023-5740 Live Chat with Facebook Messenger <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Live Chat with Facebook MessengerCWE-79 6.4 Medium2023-10-24
CVE-2020-36718 GDPR CCPA Compliance Support <= 2.3 - PHP Object Injection — GDPR CCPA Compliance & Cookie Consent BannerCWE-502 9.8 Critical2023-06-07

This page lists every published CVE security advisory associated with NinjaTeam. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.