Vulnerabilities > Ninjateam
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-25 | CVE-2025-26977 | Authorization Bypass Through User-Controlled Key vulnerability in Ninjateam Filebird Authorization Bypass Through User-Controlled Key vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels. | 7.2 |
| 2025-01-24 | CVE-2025-24591 | Missing Authorization vulnerability in Ninjateam Gdpr Ccpa Compliance & Cookie Consent Banner Missing Authorization vulnerability in NinjaTeam GDPR CCPA Compliance Support allows Exploiting Incorrectly Configured Access Control Security Levels. | 8.8 |
| 2024-12-19 | CVE-2024-12331 | Missing Authorization vulnerability in Ninjateam Filester The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_install_plugin' function in all versions up to, and including, 1.8.6. | 4.3 |
| 2024-12-09 | CVE-2023-25966 | Missing Authorization vulnerability in Ninjateam Filebird Missing Authorization vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filebird: from n/a through 5.1.4. | 6.5 |
| 2024-12-06 | CVE-2024-53825 | Missing Authorization vulnerability in Ninjateam Filebird Missing Authorization vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filebird: from n/a through 6.3.2. | 7.2 |
| 2024-11-28 | CVE-2024-8066 | Unspecified vulnerability in Ninjateam Filester The File Manager Pro – Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing validation in the 'fsConnector' function in all versions up to, and including, 1.8.6. | 8.8 |
| 2024-11-28 | CVE-2024-9669 | Path Traversal vulnerability in Ninjateam Filester The File Manager Pro – Filester plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 1.8.5 via the 'fm_locale' parameter. | 7.2 |
| 2024-10-18 | CVE-2024-10055 | Cross-site Scripting vulnerability in Ninjateam Click to Chat The Click to Chat – WP Support All-in-One Floating Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsaio_snapchat shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-10-17 | CVE-2024-49281 | Cross-site Scripting vulnerability in Ninjateam Click to Chat Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NinjaTeam Click to Chat – WP Support All-in-One Floating Widget allows Stored XSS.This issue affects Click to Chat – WP Support All-in-One Floating Widget: from n/a through 2.3.3. | 5.4 |
| 2024-10-11 | CVE-2024-47331 | SQL Injection vulnerability in Ninjateam Multi Step for Contact Form 7 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NinjaTeam Multi Step for Contact Form allows SQL Injection.This issue affects Multi Step for Contact Form: from n/a through 2.7.7. | 9.8 |