Simple File List < 6.1.13 - Reflected Cross-Site Scripting

Simple File List WordPress plugin \u003C 6.1.13 contains a reflected cross-site scripting caused by unsanitized URL output in an attribute, letting attackers execute malicious scripts in admin browsers, exploit requires victim to be an admin. id: CVE-2024-10146 info: name: Simple File List 6.1.13...

Simple File List < 4.4.12 - Cross Site Scripting

The plugin does not escape parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting id: CVE-2022-3062 info: name: Simple File List 4.4.12 - Cross Site Scripting author: r3Y3r53 severity: medium description: | The plugin does not escape parameters before...

WordPress Simple File List - Path Traversal

Simple File List plugin allows path traversal via file upload, enabling files to be written outside the upload directory. id: CVE-2020-12832 info: name: WordPress Simple File List - Path Traversal author: riteshs4hu severity: critical description: | Simple File List plugin allows path traversal v...

CVE-2026-24953

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Mitchell Bennis Simple File List simple-file-list allows Path Traversal.This issue affects Simple File List: from n/a through = 6.1.15...

CVE-2026-24953

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Mitchell Bennis Simple File List simple-file-list allows Path Traversal.This issue affects Simple File List: from n/a through = 6.1.15...

CVE-2026-24953 WordPress Simple File List plugin <= 6.1.15 - Arbitrary File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Mitchell Bennis Simple File List simple-file-list allows Path Traversal.This issue affects Simple File List: from n/a through = 6.1.15...

CVE-2026-24953

CVE-2026-24953 is a path traversal vulnerability in WordPress plugin Simple File List (versions 6.1.15, or apply vendor-provided fixes as available.

CVE-2026-24953 WordPress Simple File List plugin <= 6.1.15 - Arbitrary File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Mitchell Bennis Simple File List simple-file-list allows Path Traversal.This issue affects Simple File List: from n/a through = 6.1.15...

CVE-2026-24953

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Mitchell Bennis Simple File List simple-file-list allows Path Traversal.This issue affects Simple File List: from n/a through = 6.1.15...

WordPress plugin Simple File List 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

PT-2026-21235

Name of the Vulnerable Software and Affected Versions Simple File List versions through 6.1.15 Description The software contains a flaw related to improper limitation of a pathname to a restricted directory, also known as Path Traversal. This allows unauthorized access to files outside the intend...

WordPress Simple File List plugin <= 6.1.15 - Arbitrary File Download vulnerability

Arbitrary File Download vulnerability discovered by daroo in WordPress Plugin Simple File List versions = 6.1.15...

CVE-2023-4297

The Mmm Simple File List WordPress plugin through 2.3 does not validate the generated path to list files from, allowing any authenticated users, such as subscribers, to list the content of arbitrary directories...

CVE-2023-4514

The Mmm Simple File List WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

WordPress Simple File List plugin <= 6.1.18 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Simple File List versions = 6.1.18...

CVE-2025-68591

Missing Authorization vulnerability in Mitchell Bennis Simple File List simple-file-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple File List: from n/a through = 6.1.18...

EUVD-2025-205244

Missing Authorization vulnerability in Mitchell Bennis Simple File List simple-file-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple File List: from n/a through = 6.1.15...

CVE-2025-68591

Missing Authorization vulnerability in Mitchell Bennis Simple File List simple-file-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple File List: from n/a through = 6.1.18...

CVE-2025-68591 WordPress Simple File List plugin <= 6.1.18 - Broken Access Control vulnerability

Missing Authorization vulnerability in Mitchell Bennis Simple File List simple-file-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple File List: from n/a through = 6.1.18...

CVE-2025-68591 WordPress Simple File List plugin <= 6.1.18 - Broken Access Control vulnerability

Missing Authorization vulnerability in Mitchell Bennis Simple File List simple-file-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple File List: from n/a through = 6.1.18...