4 matches found
CVE-2023-1025
CVE-2023-1025 concerns the WordPress plugin Simple File List prior to version 6.0.10. The issue arises from insufficient sanitisation and escaping of certain settings, enabling Stored Cross-Site Scripting (XSS) by high-privilege users (e.g., admin) even when unfiltered_html is disallowed (such as...
CVE-2020-36847
CVE-2020-36847 affects the WordPress Simple File List plugin (versions ≤ 4.2.2). The vulnerability is Remote Code Execution via the plugin’s file-renaming flow (an uploaded PHP file disguised as a PNG is renamed to PHP), allowing unauthenticated code execution on the server. Affected component: Simple File ...
CVE-2024-10146
CVE-2024-10146 concerns the WordPress plugin Simple File List, versions before 6.1.13. The issue is a reflected XSS caused by a generated URL being output in an attribute without proper sanitisation/escaping, which can execute malicious scripts in an admin’s browser. Exploitation requires the victim to ...
CVE-2023-39924
CVE-2023-39924 affects the WordPress plugin Mitchell Bennis Simple File List (versions