Simplefilelist Simple File List

7 matches found

CVE
added 2022/09/26 1:15 p.m. | 58 views

CVE-2022-3062

The Simple File List WordPress plugin before 4.4.12 does not escape parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting.

CVSS 6.1 | AI score 6 | EPSS 0.40293

CVE
added 2023/03/27 4:15 p.m. | 57 views

CVE-2023-1025

The Simple File List WordPress plugin before 6.0.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVSS 4.8 | AI score 4.7 | EPSS 0.00089

CVE
added 2022/10/10 9:15 p.m. | 50 views

CVE-2022-3207

The Simple File List WordPress plugin before 4.4.12 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVSS 4.8 | AI score 4.7 | EPSS 0.00113

CVE
added 2022/10/10 9:15 p.m. | 45 views

CVE-2022-3208

The Simple File List WordPress plugin before 4.4.12 does not implement nonce checks, which could allow attackers to make a logged-in admin create a new page and change its content via a CSRF attack.

CVSS 6.5 | AI score 6.3 | EPSS 0.00168

CVE
added 2024/11/14 6:15 a.m. | 41 views

CVE-2024-10146

The Simple File List WordPress plugin before 6.1.13 does not sanitise and escape a generated URL before outputting it back in an attribute, leading to Reflected Cross-Site Scripting which could be used against admins.

CVSS 5.4 | AI score 5.4 | EPSS 0.00055

CVE
added 2023/10/25 6:17 p.m. | 28 views

CVE-2023-39924

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mitchell Bennis Simple File List plugin

CVSS 5.9 | AI score 5.1 | EPSS 0.00126

CVE
added 2025/07/12 10:15 a.m. | 14 views

CVE-2020-36847

The Simple-File-List Plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.2.2 via the rename function which can be used to rename uploaded PHP code with a png extension to use a php extension. This allows unauthenticated attackers to execute code on the se...

CVSS 9.8 | AI score 7.7 | EPSS 0.0372