Simplefilelist Simple_file_list

4 CVEs affecting Simplefilelist Simple_file_list. Latest disclosed: 2025-07-12. Critical: 1, High: 0.

Top CVEs affecting Simplefilelist Simple_file_list
CVESeverityScorePublishedSummary
CVE-2020-36847Critical9.82025-07-12The Simple-File-List Plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.2.2 via the rename function which can be u…
CVE-2023-39924Medium5.92023-10-25Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mitchell Bennis Simple File List plugin <= 6.1.9 versions.
CVE-2024-10146Medium5.42024-11-14The Simple File List WordPress plugin before 6.1.13 does not sanitise and escape a generated URL before outputting it back in an attribute, leading to a Reflec…
CVE-2023-1025Medium4.82023-03-27The Simple File List WordPress plugin before 6.0.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to…