9 matches found

EUVD
added 2025/10/07 12:30 a.m. · 7 views

EUVD-2020-30797

Malware in sbrugna...

9.8 CVSS · 6.1 AI score · 0.89304 EPSS
Exploits 5 · References 6
Vulnrichment
added 2025/07/12 9:24 a.m. · 6 views

CVE-2020-36847 Simple File List < 4.2.3 - Remote Code Execution

The Simple-File-List Plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.2.2 via the rename function which can be used to rename uploaded PHP code with a png extension to use a php extension. This allows unauthenticated attackers to execute code on the...

9.8 CVSS · 8.3 AI score · 0.89304 EPSS
Exploits 5 · References 5
Positive Technologies
added 2025/07/12 12:0 a.m. · 6 views

PT-2025-29315 · WordPress · Simple-File-List Plugin

Name of the Vulnerable Software and Affected Versions: Simple-File-List Plugin for WordPress versions through 4.2.2 Description: The Simple-File-List Plugin for WordPress is susceptible to Remote Code Execution via the rename function. This allows unauthenticated attackers to execute code on the...

9.8 CVSS · 7.5 AI score · 0.89304 EPSS
Exploits 5 · References 14
CVE
added 2025/07/09 12:48 a.m. · 79 views

CVE-2025-34085

CVE-2025-34085 concerns the WordPress Simple File List plugin (pre-4.2.3) and describes a critical unauthenticated RCE via file upload and subsequent rename. The vulnerability arises because the plugin’s upload endpoint (ee-upload-engine.php) restricts uploads by extension but lacks pro...

7.6 AI score
Exploits 9
RedhatCVE
added 2025/05/23 4:40 a.m. · 3 views

CVE-2023-39924

Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Mitchell Bennis Simple File List plugin <= 6.1.9 versions...

5.9 CVSS · 5.6 AI score · 0.00138 EPSS
Exploits 0
Cvelist
added 2023/10/24 11:51 a.m. · 23 views

CVE-2023-39924 WordPress Simple File List Plugin <= 6.1.9 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Mitchell Bennis Simple File List plugin <= 6.1.9 versions...

5.9 CVSS · 5.5 AI score · 0.00138 EPSS
Exploits 0 · References 1
WPVulnDB
added 2023/02/28 12:0 a.m. · 15 views

Simple File List < 6.0.10 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. PoC 1. Go to...

4.8 CVSS · 4.9 AI score · 0.00226 EPSS
Exploits 2 · Affected Software 1
WPVulnDB
added 2022/09/19 12:0 a.m. · 17 views

Simple File List < 4.4.13 - Page Creation via CSRF

The plugin does not implement nonce checks, which could allow attackers to make a logged-in admin create a new page and change its content via a CSRF attack. PoC...

6.5 CVSS · 4.2 AI score · 0.00194 EPSS
Exploits 2 · Affected Software 1
Patchstack
added 2020/05/16 12:0 a.m. · 13 views

WordPress Simple File List plugin <= 4.2.7 - Authenticated Arbitrary File Deletion vulnerability

Authenticated Arbitrary File Deletion vulnerability discovered by Christian Niel Angel in WordPress Simple File List plugin versions <= 4.2.7. Solution: Update the WordPress Simple File List plugin to the latest available version, at least 4.2.8...

9.8 CVSS · 3.7 AI score · 0.62952 EPSS
Exploits 0 · References 3 · Affected Software 1