Lucene search
K

322 matches found

NVD
NVD
added 12 hours ago3 views

CVE-2026-57382

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mitchell Bennis Simple File List simple-file-list allows Reflected XSS.This issue affects Simple File List: from n/a through = 6.3.8...

7.1CVSS
Exploits0References1
CVE
CVE
added 13 hours ago5 views

CVE-2026-57382

CVE-2026-57382 is a reflected XSS vulnerability in the WordPress plugin Simple File List (version range: affected up to 6.3.8). The issue arises in the plugin’s web page generation and input handling, enabling a reflected cross-site scripting payload. CVSSv3.1 metrics indicate Network attack vect...

7.1CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added 13 hours ago6 views

CVE-2026-57382 WordPress Simple File List plugin <= 6.3.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mitchell Bennis Simple File List simple-file-list allows Reflected XSS.This issue affects Simple File List: from n/a through = 6.3.8...

7.1CVSS
Exploits0References1
Nuclei
Nuclei
added 17 hours ago43 views

Simple File List < 4.4.12 - Cross Site Scripting

The plugin does not escape parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting id: CVE-2022-3062 info: name: Simple File List 4.4.12 - Cross Site Scripting author: r3Y3r53 severity: medium description: | The plugin does not escape parameters before...

6.1CVSS6.8AI score0.44095EPSS
Exploits2References4
Nuclei
Nuclei
added 17 hours ago14 views

Simple File List < 6.1.13 - Reflected Cross-Site Scripting

Simple File List WordPress plugin \u003C 6.1.13 contains a reflected cross-site scripting caused by unsanitized URL output in an attribute, letting attackers execute malicious scripts in admin browsers, exploit requires victim to be an admin. id: CVE-2024-10146 info: name: Simple File List 6.1.13...

5.4CVSS6.1AI score0.0057EPSS
Exploits1References2
Nuclei
Nuclei
added 17 hours ago37 views

WordPress Simple File List - Path Traversal

Simple File List plugin allows path traversal via file upload, enabling files to be written outside the upload directory. id: CVE-2020-12832 info: name: WordPress Simple File List - Path Traversal author: riteshs4hu severity: critical description: | Simple File List plugin allows path traversal v...

9.8CVSS7AI score0.07131EPSS
Exploits0References2
NVD
NVD
added 3 days ago7 views

CVE-2026-41877

R-SOFT DMS is vulnerable to Stored XSS in file upload functionality. Authenticated attacker can inject arbitrary HTML and JS into the name of the file being uploaded, which will be executed when visiting file list or upload status by other users. This issue was fixed in version v3.19-2832 and...

5.1CVSS0.0039EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 days ago7 views

CVE-2026-41877

R-SOFT DMS is vulnerable to Stored XSS in file upload functionality. Authenticated attacker can inject arbitrary HTML and JS into the name of the file being uploaded, which will be executed when visiting file list or upload status by other users. This issue was fixed in version v3.19-2832 and...

8.7CVSS6.2AI score0.01228EPSS
Exploits0References2
Patchstack
Patchstack
added 6 days ago5 views

WordPress Simple File List plugin <= 6.3.8 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Simple File List versions = 6.3.8...

7.1CVSS5.9AI score
Exploits0Affected Software1
OSV
OSV
added 2026/06/25 5:41 p.m.3 views

JLSEC-2026-631 Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in...

Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recvfiles in receiver.c that allows a malicious rsync server to crash the rsync client process. Attackers can exploit the vulnerability by setting CFINCRECURSE in compatibility flags and sending a...

6.9CVSS5.8AI score0.00503EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/06/22 9:41 a.m.7 views

WordPress Simple File List plugin <= 6.3.7 - Missing Authorization to Unauthenticated File Modification via simplefilelist_edit_job AJAX Action vulnerability

Missing Authorization to Unauthenticated File Modification via simplefilelisteditjob AJAX Action vulnerability discovered by WordFence in WordPress Plugin Simple File List versions = 6.3.7...

7.5CVSS5.9AI score0.00433EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/22 8:41 a.m.10 views

WordPress Simple File List plugin <= 6.3.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Operations (Deletion / Move / Folder Creation / Download) via 'frontmanage' Shortcode Attribute vulnerability

Missing Authorization to Authenticated Contributor+ Arbitrary File Operations Deletion / Move / Folder Creation / Download via 'frontmanage' Shortcode Attribute vulnerability discovered by WordFence in WordPress Plugin Simple File List versions = 6.3.7...

6.5CVSS5.9AI score0.00267EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/20 9:16 a.m.17 views

CVE-2026-12119

The Simple File List plugin for WordPress is vulnerable to unauthorized file operations due to a missing authorization check on the 'frontmanage' shortcode attribute in all versions up to, and including, 6.3.7. This makes it possible for authenticated attackers, with contributor-level access and...

6.5CVSS0.00267EPSS
Exploits0References6
NVD
NVD
added 2026/06/20 9:16 a.m.15 views

CVE-2026-11912

The Simple File List plugin for WordPress is vulnerable to arbitrary file modification due to insufficient authorization checks in all versions up to, and including, 6.3.7. This makes it possible for unauthenticated attackers to delete and modify files on the serve. This vulnerability is...

7.5CVSS0.00433EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/20 8:29 a.m.9 views

EUVD-2026-38107

The Simple File List plugin for WordPress is vulnerable to unauthorized file operations due to a missing authorization check on the 'frontmanage' shortcode attribute in all versions up to, and including, 6.3.7. This makes it possible for authenticated attackers, with contributor-level access and...

6.5CVSS6AI score0.00267EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/20 8:29 a.m.34 views

CVE-2026-12119 Simple File List <= 6.3.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Operations (Deletion / Move / Folder Creation / Download) via 'frontmanage' Shortcode Attribute

The Simple File List plugin for WordPress is vulnerable to unauthorized file operations due to a missing authorization check on the 'frontmanage' shortcode attribute in all versions up to, and including, 6.3.7. This makes it possible for authenticated attackers, with contributor-level access and...

6.5CVSS0.00267EPSS
Exploits0References6
CVE
CVE
added 2026/06/20 8:29 a.m.23 views

CVE-2026-12119

The CVE concerns the Simple File List WordPress plugin (≤6.3.7). A missing authorization check on the frontmanage shortcode attribute allows authenticated users with contributor-level access or higher to perform arbitrary file operations (delete, move, folder creation, download). The vulnerabilit...

6.5CVSS6AI score0.00267EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/20 8:29 a.m.10 views

CVE-2026-12119

The Simple File List plugin for WordPress is vulnerable to unauthorized file operations due to a missing authorization check on the 'frontmanage' shortcode attribute in all versions up to, and including, 6.3.7. This makes it possible for authenticated attackers, with contributor-level access and...

6.5CVSS6AI score0.00267EPSS
Exploits0References7
CVE
CVE
added 2026/06/20 8:29 a.m.34 views

CVE-2026-11912

The CVE-2026-11912 entry documents a vulnerability in the WordPress Simple File List plugin (≤ 6.3.7) where insufficient authorization allows arbitrary file modification. The issue affects all versions up to 6.3.7 and enables unauthenticated attackers to delete/modify files on the server. The roo...

7.5CVSS6AI score0.00433EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/20 8:29 a.m.9 views

EUVD-2026-38105

The Simple File List plugin for WordPress is vulnerable to arbitrary file modification due to insufficient authorization checks in all versions up to, and including, 6.3.7. This makes it possible for unauthenticated attackers to delete and modify files on the serve. This vulnerability is...

7.5CVSS6AI score0.00433EPSS
Exploits0References7
Rows per page
Query Builder