VYPR

Simple File List

by WordPress

CVEs (17)

  • CVE-2020-12832 · Critical · May 13, 2020
    risk 0.64 · cvss 9.8 · epss 0.07

    WordPress Plugin Simple File List before 4.2.8 is prone to a vulnerability that lets attackers delete arbitrary files because the application fails to properly verify user-supplied input.

  • CVE-2020-36847 · Critical · Jul 12, 2025
    risk 0.61 · cvss 9.8 · epss 0.13

    The Simple-File-List Plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.2.2 via the rename function which can be used to rename uploaded PHP code with a png extension to use a php extension. This allows unauthenticated attackers to…

  • CVE-2022-1119 · High · Apr 19, 2022
    risk 0.50 · cvss 7.5 · epss 0.20

    The Simple File List WordPress plugin is vulnerable to Arbitrary File Download via the eeFile parameter found in the ~/includes/ee-downloader.php file due to missing controls, which makes it possible for unauthenticated attackers to supply a path to a file that will subsequently be…

  • CVE-2023-44227 · High · Apr 17, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    Missing Authorization vulnerability in Mitchell Bennis Simple File List. This issue affects Simple File List: from n/a through 6.1.9.

  • CVE-2022-3062 · Medium · Sep 26, 2022
    risk 0.43 · cvss 6.1 · epss 0.44

    The Simple File List WordPress plugin before 4.4.12 does not escape parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting.

  • CVE-2022-3208 · Medium · Oct 10, 2022
    risk 0.42 · cvss 6.5 · epss 0.00

    The Simple File List WordPress plugin before 4.4.12 does not implement nonce checks, which could allow attackers to make a logged-in admin create a new page and change its content via a CSRF attack.

  • CVE-2023-39924 · Medium · Oct 25, 2023
    risk 0.38 · cvss 5.9 · epss 0.00

    Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mitchell Bennis Simple File List plugin <= 6.1.9 versions.

  • CVE-2025-68591 · Medium · Dec 24, 2025
    risk 0.35 · cvss 5.4 · epss 0.00

    Missing Authorization vulnerability in Mitchell Bennis Simple File List simple-file-list allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple File List: from n/a through <= 6.1.18.

  • CVE-2024-10146 · Medium · Nov 14, 2024
    risk 0.35 · cvss 5.4 · epss 0.01

    The Simple File List WordPress plugin before 6.1.13 does not sanitise and escape a generated URL before outputting it back in an attribute, leading to Reflected Cross-Site Scripting which could be used against admins.

  • CVE-2023-4514 · Medium · Nov 27, 2023
    risk 0.35 · cvss 5.4 · epss 0.00

    The Mmm Simple File List WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site…

  • CVE-2025-47450 · Medium · May 7, 2025
    risk 0.34 · cvss 5.3 · epss 0.00

    Missing Authorization vulnerability in Mitchell Bennis Simple File List simple-file-list allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple File List: from n/a through <= 6.1.13.

  • CVE-2023-1025 · Medium · Mar 27, 2023
    risk 0.31 · cvss 4.8 · epss 0.00

    The Simple File List WordPress plugin before 6.0.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in…

  • CVE-2022-3207 · Medium · Oct 10, 2022
    risk 0.31 · cvss 4.8 · epss 0.00

    The Simple File List WordPress plugin before 4.4.12 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in…

  • CVE-2023-4297 · Medium · Nov 27, 2023
    risk 0.28 · cvss 4.3 · epss 0.01

    The Mmm Simple File List WordPress plugin through 2.3 does not validate the generated path to list files from, allowing any authenticated user, such as a subscriber, to list the content of arbitrary directories.

  • CVE-2026-12119 · Jun 20, 2026
    risk 0.00 · cvss · epss 0.00

    The Simple File List plugin for WordPress is vulnerable to unauthorized file operations due to a missing authorization check on the 'frontmanage' shortcode attribute in all versions up to, and including, 6.3.7. This makes it possible for authenticated attackers, with…

  • CVE-2026-11911 · Jun 20, 2026
    risk 0.00 · cvss · epss 0.01

    The Simple File List plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the eeSFL_DeleteFile function in all versions up to, and including, 6.3.7. This makes it possible for unauthenticated attackers to delete arbitrary…

  • CVE-2026-11912 · Jun 20, 2026
    risk 0.00 · cvss · epss 0.00

    The Simple File List plugin for WordPress is vulnerable to arbitrary file modification due to insufficient authorization checks in all versions up to, and including, 6.3.7. This makes it possible for unauthenticated attackers to delete and modify files on the server. This…