The Simple File List WordPress plugin before 4.4.12 does not implement nonce checks, which could allow attackers to make a logged in admin create new page and change it’s content via a CSRF attack.
CPE | Name | Operator | Version |
---|---|---|---|
simple-file-list | lt | 4.4.12 |