Simplefilelist

Simple-file-list

5 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2022-3207

Exploit
  • EPSS 0.21%
  • Veröffentlicht 10.10.2022 21:15:11
  • Zuletzt bearbeitet 21.11.2024 07:19:03

The Simple File List WordPress plugin before 4.4.12 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is dis...

6.5

CVE-2022-3208

Exploit
  • EPSS 0.18%
  • Veröffentlicht 10.10.2022 21:15:11
  • Zuletzt bearbeitet 21.11.2024 07:19:03

The Simple File List WordPress plugin before 4.4.12 does not implement nonce checks, which could allow attackers to make a logged in admin create new page and change it's content via a CSRF attack.

6.1

CVE-2022-3062

Exploit
  • EPSS 48.66%
  • Veröffentlicht 26.09.2022 13:15:10
  • Zuletzt bearbeitet 22.05.2025 15:15:59

The Simple File List WordPress plugin before 4.4.12 does not escape parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting

7.5

CVE-2022-1119

Exploit
  • EPSS 90.56%
  • Veröffentlicht 19.04.2022 21:15:13
  • Zuletzt bearbeitet 21.11.2024 06:40:05

The Simple File List WordPress plugin is vulnerable to Arbitrary File Download via the eeFile parameter found in the ~/includes/ee-downloader.php file due to missing controls which makes it possible unauthenticated attackers to supply a path to a fil...

9.8

CVE-2020-12832

  • EPSS 76.28%
  • Veröffentlicht 13.05.2020 18:15:12
  • Zuletzt bearbeitet 21.11.2024 05:00:21

WordPress Plugin Simple File List before 4.2.8 is prone to a vulnerability that lets attackers delete arbitrary files because the application fails to properly verify user-supplied input.