9.8
CVE-2020-36847
- EPSS 86.14%
- Veröffentlicht 12.07.2025 09:24:28
- Zuletzt bearbeitet 29.07.2025 20:37:27
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginSimple File List < 4.2.3 - Remote Code Execution
The Simple-File-List Plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.2.2 via the rename function which can be used to rename uploaded PHP code with a png extension to use a php extension. This allows unauthenticated attackers to execute code on the server.
Mögliche Gegenmaßnahme
Simple File List: Update to version 4.2.3, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Simple File List
Version
[*, 4.2.3)
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Simplefilelist ≫ Simple File List SwPlatformwordpress Version < 4.2.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 86.14% | 0.994 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.