2 matches found
WordPress Simple File List plugin <= 6.3.7 - Unauthenticated Arbitrary File Deletion via Path Traversal in 'eeSubFolder' Parameter vulnerability
Unauthenticated Arbitrary File Deletion via Path Traversal in 'eeSubFolder' Parameter vulnerability discovered by WordFence in WordPress Plugin Simple File List versions = 6.3.7...
CVE-2026-11911
The CVE-2026-11911 issue affects the WordPress plugin Simple File List (up to version 6.3.7). The root cause is insufficient file path validation in eeSFL_DeleteFile, enabling unauthenticated deletion of arbitrary server files. The vulnerability is exploitable via unauthenticated requests, as the...