Hello,

At WP Engine we take the security of your sites very seriously, and make every effort to keep our customers aware of any potential security risks. We are reaching out to you today because we identified resources that may be utilizing a vulnerable version of the filebird plugin.

The site chrisfrailey on radiate2 is running version 6.4.7.

WP Engine summary of the vulnerability: The plugin contains a vulnerability wherein unauthenticated visitors could inject SQL statements into WordPress. SQL injection could allow an attacker to gain control of your site.

This vulnerability’s information has been verified by Patchstack. Please note that questions related to this notification should be directed to Patchstack, the plugin author or the 3rd-party researcher for the most accurate information.

Resources providing further information on this vulnerability:

https://patchstack.com/database/vulnerability/filebird/wordpress-filebird-wordpress-media-library-folders-file-manager-plugin-6-4-8-authenticated-author-sql-injection-vulnerability?_a_id=473 

To secure your site, please upgrade to the latest version of this plugin.

We always suggest making a backup before making any changes. You can learn how to do this in this article: https://wpengine.com/support/restore/.

Would you like to avoid doing these updates manually in the future? Add the Smart Plugin Manager: https://my.wpengine.com/products/smart_plugin_manager to your plan today!

Finally, feel free to reach out to our Support team if you need assistance with backing up or updating your website!

Thanks,
-WP Engine Security Team