VYPR
Vendor

Simplefilelist

Products
1
CVEs
7
Across products
7
Status
Private

Products

1

Recent CVEs

7
  • CVE-2022-1119HigApr 19, 2022
    risk 0.50cvss 7.5epss 0.20

    The Simple File List WordPress plugin is vulnerable to Arbitrary File Download via the eeFile parameter found in the ~/includes/ee-downloader.php file due to missing controls which makes it possible unauthenticated attackers to supply a path to a file that will subsequently be…

  • CVE-2025-54021HigAug 20, 2025
    risk 0.49cvss 7.5epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mitchell Bennis Simple File List simple-file-list allows Path Traversal.This issue affects Simple File List: from n/a through <= 6.1.14.

  • CVE-2026-24953MedFeb 20, 2026
    risk 0.42cvss 6.5epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mitchell Bennis Simple File List simple-file-list allows Path Traversal.This issue affects Simple File List: from n/a through <= 6.1.15.

  • CVE-2025-68591MedDec 24, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Mitchell Bennis Simple File List simple-file-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple File List: from n/a through <= 6.1.18.

  • CVE-2025-47450MedMay 7, 2025
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in Mitchell Bennis Simple File List simple-file-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple File List: from n/a through <= 6.1.13.

  • CVE-2020-36847Jul 12, 2025
    risk 0.03cvss epss 0.13

    The Simple-File-List Plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.2.2 via the rename function which can be used to rename uploaded PHP code with a png extension to use a php extension. This allows unauthenticated attackers to…

  • CVE-2024-10146Nov 14, 2024
    risk 0.00cvss epss 0.01

    The Simple File List WordPress plugin before 6.1.13 does not sanitise and escape a generated URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against admins.