EUVD-2020-30797

Malware in sbrugna...

CVE-2020-36847 Simple File List < 4.2.3 - Remote Code Execution

The Simple-File-List Plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.2.2 via the rename function which can be used to rename uploaded PHP code with a png extension to use a php extension. This allows unauthenticated attackers to execute code on the...

PT-2025-29315 · WordPress · Simple-File-List Plugin

Name of the Vulnerable Software and Affected Versions: Simple-File-List Plugin for WordPress versions through 4.2.2 Description: The Simple-File-List Plugin for WordPress is susceptible to Remote Code Execution via the rename function. This allows unauthenticated attackers to execute code on the...

CVE-2025-34085

CVE-2025-34085 concerns the WordPress WordPress Simple File List plugin (pre-4.2.3) and describes a critical unauthenticated RCE via file upload and subsequent rename. The vulnerability arises because the plugin’s upload endpoint (ee-upload-engine.php) restricts uploads by extension but lacks pro...

CVE-2023-39924

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Mitchell Bennis Simple File List plugin = 6.1.9 versions...

CVE-2023-39924 WordPress Simple File List Plugin <= 6.1.9 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Mitchell Bennis Simple File List plugin = 6.1.9 versions...