Simplefilelist Simple_file_list
4 CVEs affecting Simplefilelist Simple_file_list. Latest disclosed: 2025-07-12. Critical: 1, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-36847 | Critical | 9.8 | 2025-07-12 | The Simple-File-List Plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.2.2 via the rename function which can be u… |
CVE-2023-39924 | Medium | 5.9 | 2023-10-25 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mitchell Bennis Simple File List plugin <= 6.1.9 versions. |
CVE-2024-10146 | Medium | 5.4 | 2024-11-14 | The Simple File List WordPress plugin before 6.1.13 does not sanitise and escape a generated URL before outputting it back in an attribute, leading to a Reflec… |
CVE-2023-1025 | Medium | 4.8 | 2023-03-27 | The Simple File List WordPress plugin before 6.0.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to… |