CVE-2022-3207

🗓️ 10 Oct 2022 00:00:00Reported by WPScanType

cve🔗 web.nvd.nist.gov📰️ 6 Media mentions👁 60 Views🌐 WEB

The Simple File List WordPress plugin before 4.4.12 is vulnerable to Stored Cross-Site Scriptin

Reporter	Title	Published	Views	Family All 14
ATTACKERKB	CVE-2022-3207	10 Oct 202221:15	–	attackerkb
Circl	CVE-2022-3207	11 Oct 202200:25	–	circl
CNNVD	WordPress plugin Simple File List 跨站脚本漏洞	10 Oct 202200:00	–	cnnvd
CNVD	WordPress Simple File List Cross-Site Scripting Vulnerability	12 Oct 202200:00	–	cnvd
Cvelist	CVE-2022-3207 Simple File List < 4.4.12 - Admin+ Stored Cross-Site Scripting	10 Oct 202200:00	–	cvelist
EUVD	EUVD-2022-42624	3 Oct 202520:07	–	euvd
NVD	CVE-2022-3207	10 Oct 202221:15	–	nvd
OSV	CVE-2022-3207	10 Oct 202221:15	–	osv
Patchstack	WordPress Simple File List plugin <= 4.4.11 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability	19 Sep 202200:00	–	patchstack
Prion	Cross site scripting	10 Oct 202221:15	–	prion

NVD

Vulners

Node

simplefilelist simple-file-listRange<4.4.12wordpress

[
  {
    "vendor": "Unknown",
    "product": "Simple File List",
    "versions": [
      {
        "version": "4.4.12",
        "status": "affected",
        "lessThan": "4.4.12",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/b57272ea-9a8a-482a-bbaa-5f202ca5b9aa

Parameter	Position	Path	Description	CWE
eeNotifyTo	request body	/blog/wp-admin/?page=ee-simple-file-list&tab=settings&subtab=email_settings	Stored XSS via unsanitised settings in email settings (payloads in parameters detected in request).	CWE-79
eeNotifyCc	request body	/blog/wp-admin/?page=ee-simple-file-list&tab=settings&subtab=email_settings	Stored XSS via unsanitised settings in email settings (payloads in parameters detected in request).	CWE-79
eeNotifyBcc	request body	/blog/wp-admin/?page=ee-simple-file-list&tab=settings&subtab=email_settings	Stored XSS via unsanitised settings in email settings (payloads in parameters detected in request).	CWE-79
eeNotifyFrom	request body	/blog/wp-admin/?page=ee-simple-file-list&tab=settings&subtab=email_settings	Stored XSS via unsanitised settings in email settings (payloads in parameters detected in request).	CWE-79
eeNotifyFromName	request body	/blog/wp-admin/?page=ee-simple-file-list&tab=settings&subtab=email_settings	Stored XSS via unsanitised settings in email settings (payloads in parameters detected in request).	CWE-79
eeNotifySubject	request body	/blog/wp-admin/?page=ee-simple-file-list&tab=settings&subtab=email_settings	Stored XSS via unsanitised settings in email settings (payloads in parameters detected in request).	CWE-79
eeNotifyMessage	request body	/blog/wp-admin/?page=ee-simple-file-list&tab=settings&subtab=email_settings	Stored XSS via unsanitised settings in email settings (payloads in parameters detected in request).	CWE-79
eePost	request body	/blog/wp-admin/?page=ee-simple-file-list&tab=settings&subtab=email_settings	Stored XSS via unsanitised settings in email settings (payloads in parameters detected in request).	CWE-79
ee-simple-file-list-settings-nonce	request body	/blog/wp-admin/?page=ee-simple-file-list&tab=settings&subtab=email_settings	Stored XSS via unsanitised settings in email settings (payloads in parameters detected in request).	CWE-79
_wp_http_referer	request body	/blog/wp-admin/?page=ee-simple-file-list&tab=settings&subtab=email_settings	Stored XSS via unsanitised settings in email settings (payloads in parameters detected in request).	CWE-79

17 Jun 2026 04:59Current

4.7Medium risk

Vulners AI Score4.7

CVSS 3.14.8

EPSS0.0047

CWE-79