Vulnerabilities > Ninjateam

DATE CVE VULNERABILITY TITLE RISK
2025-02-25 CVE-2025-26977 Authorization Bypass Through User-Controlled Key vulnerability in Ninjateam Filebird
Authorization Bypass Through User-Controlled Key vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels.
network
low complexity
ninjateam CWE-639
7.2
2025-01-24 CVE-2025-24591 Missing Authorization vulnerability in Ninjateam Gdpr Ccpa Compliance & Cookie Consent Banner
Missing Authorization vulnerability in NinjaTeam GDPR CCPA Compliance Support allows Exploiting Incorrectly Configured Access Control Security Levels.
network
low complexity
ninjateam CWE-862
8.8
2024-12-19 CVE-2024-12331 Missing Authorization vulnerability in Ninjateam Filester
The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_install_plugin' function in all versions up to, and including, 1.8.6.
network
low complexity
ninjateam CWE-862
4.3
2024-12-09 CVE-2023-25966 Missing Authorization vulnerability in Ninjateam Filebird
Missing Authorization vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filebird: from n/a through 5.1.4.
network
low complexity
ninjateam CWE-862
6.5
2024-12-06 CVE-2024-53825 Missing Authorization vulnerability in Ninjateam Filebird
Missing Authorization vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filebird: from n/a through 6.3.2.
network
low complexity
ninjateam CWE-862
7.2
2024-11-28 CVE-2024-8066 Unspecified vulnerability in Ninjateam Filester
The File Manager Pro – Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing validation in the 'fsConnector' function in all versions up to, and including, 1.8.6.
network
low complexity
ninjateam
8.8
2024-11-28 CVE-2024-9669 Path Traversal vulnerability in Ninjateam Filester
The File Manager Pro – Filester plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 1.8.5 via the 'fm_locale' parameter.
network
low complexity
ninjateam CWE-22
7.2
2024-10-18 CVE-2024-10055 Cross-site Scripting vulnerability in Ninjateam Click to Chat
The Click to Chat – WP Support All-in-One Floating Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsaio_snapchat shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
ninjateam CWE-79
5.4
2024-10-17 CVE-2024-49281 Cross-site Scripting vulnerability in Ninjateam Click to Chat
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NinjaTeam Click to Chat – WP Support All-in-One Floating Widget allows Stored XSS.This issue affects Click to Chat – WP Support All-in-One Floating Widget: from n/a through 2.3.3.
network
low complexity
ninjateam CWE-79
5.4
2024-10-11 CVE-2024-47331 SQL Injection vulnerability in Ninjateam Multi Step for Contact Form 7
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NinjaTeam Multi Step for Contact Form allows SQL Injection.This issue affects Multi Step for Contact Form: from n/a through 2.7.7.
network
low complexity
ninjateam CWE-89
critical
9.8