Lucene search
K
SimplefilelistSimple-file-list

5 matches found

CVE
CVE
added 2022/04/19 8:26 p.m.212 views

CVE-2022-1119

The CVE-2022-1119 issue affects WordPress Simple File List plugin versions up to 3.2.7. It is caused by missing input validation in ee-downloader.php (eeFile parameter), enabling unauthenticated arbitrary file download/read of server files. A local-file-download/LFI is the documented impact. Reme...

7.5CVSS7.4AI score0.19958EPSS
In wildWeb
CVE
CVE
added 2022/09/26 12:35 p.m.91 views

CVE-2022-3062

CVE-2022-3062 affects the WordPress Simple File List plugin prior to 4.4.12. The vulnerability arises from not escaping parameters before outputting them in HTML attributes, enabling reflected Cross-Site Scripting. Impact is the execution of arbitrary JavaScript in the victim’s browser; remediati...

6.1CVSS6AI score0.44095EPSS
Web
CVE
CVE
added 2020/05/13 5:52 p.m.82 views

CVE-2020-12832

WordPress Simple File List plugin (versions

9.8CVSS9.3AI score0.07131EPSS
In wild
CVE
CVE
added 2022/10/10 12:0 a.m.65 views

CVE-2022-3207

CVE-2022-3207 affects the WordPress Simple File List plugin for versions prior to 4.4.12. The vulnerability arises because the plugin does not adequately sanitize and escape some settings, enabling stored XSS by highly privileged users (e.g., admins). In multisite configurations, this could occur...

4.8CVSS4.7AI score0.0047EPSS
Web
CVE
CVE
added 2022/10/10 12:0 a.m.56 views

CVE-2022-3208

The CVE-2022-3208 issue affects the WordPress Simple File List plugin, specifically versions prior to 4.4.12 (and discussed in related advisories as 4.4.12 and earlier). The root cause is missing nonce checks, enabling a CSRF attack where a logged-in administrator could have a forged request crea...

6.5CVSS6.3AI score0.00338EPSS
Web