5 matches found
CVE-2022-1119
The CVE-2022-1119 issue affects WordPress Simple File List plugin versions up to 3.2.7. It is caused by missing input validation in ee-downloader.php (eeFile parameter), enabling unauthenticated arbitrary file download/read of server files. A local-file-download/LFI is the documented impact. Reme...
CVE-2022-3062
CVE-2022-3062 affects the WordPress Simple File List plugin prior to 4.4.12. The vulnerability arises from not escaping parameters before outputting them in HTML attributes, enabling reflected Cross-Site Scripting. Impact is the execution of arbitrary JavaScript in the victim’s browser; remediati...
CVE-2020-12832
WordPress Simple File List plugin (versions
CVE-2022-3207
CVE-2022-3207 affects the WordPress Simple File List plugin for versions prior to 4.4.12. The vulnerability arises because the plugin does not adequately sanitize and escape some settings, enabling stored XSS by highly privileged users (e.g., admins). In multisite configurations, this could occur...
CVE-2022-3208
The CVE-2022-3208 issue affects the WordPress Simple File List plugin, specifically versions prior to 4.4.12 (and discussed in related advisories as 4.4.12 and earlier). The root cause is missing nonce checks, enabling a CSRF attack where a logged-in administrator could have a forged request crea...