4 matches found
CVE-2020-36847 Simple File List < 4.2.3 - Remote Code Execution
The Simple-File-List Plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.2.2 via the rename function which can be used to rename uploaded PHP code with a png extension to use a php extension. This allows unauthenticated attackers to execute code on the...
CVE-2025-34085
CVE-2025-34085 concerns the WordPress Simple File List plugin (pre-4.2.3) and describes a critical unauthenticated RCE via file upload and subsequent rename. The vulnerability arises because the plugin's upload endpoint (ee-upload-engine.php) restricts uploads by extension but lacks pro...
CVE-2023-39924
Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Mitchell Bennis Simple File List plugin <= 6.1.9 versions...
CVE-2023-39924 WordPress Simple File List Plugin <= 6.1.9 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Mitchell Bennis Simple File List plugin <= 6.1.9 versions...