CVE-2022-1119
published 2022-04-19CVE-2022-1119: The Simple File List WordPress plugin is vulnerable to Arbitrary File Download via the eeFile parameter found in the ~/includes/ee-downloader.php file due to…
PriorityP266high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
ITWEXPLOIT
Exploited in the wild
EPSS
19.61%
97.0th percentile
The Simple File List WordPress plugin is vulnerable to Arbitrary File Download via the eeFile parameter found in the ~/includes/ee-downloader.php file due to missing controls which makes it possible unauthenticated attackers to supply a path to a file that will subsequently be downloaded, in versions up to and including 3.2.7.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| eemitch | simple_file_list | <= 3.2.7 | — |
| msrc | cbl2_junit_on_cbl_mariner_2.0 | — | — |
| simplefilelist | simple-file-list | < 3.2.8 | 3.2.8 |
Detection & IOCsextracted from sources · hover to see the quote
url/wp-content/plugins/simple-file-list/includes/ee-downloader.php?eeFile=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e/wp-config.php↗
- →GET request to ee-downloader.php with eeFile parameter containing path traversal sequences (%2e%2e%2f) targeting wp-config.php; a 200 response body containing both 'DB_NAME' and 'DB_PASSWORD' confirms successful exploitation. ↗
- →The eeFile parameter is the injection point; monitor for URL-encoded dot-dot-slash traversal sequences (e.g., %2e%2e%2f) in requests to ee-downloader.php from unauthenticated users. ↗
- ·Vulnerability affects Simple File List plugin versions up to and including 3.2.7; version 3.2.8 and later are patched. Ensure version checks are scoped accordingly. ↗
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vendor_msrc5.4MEDIUM
vendor_redhat5.4MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Cross-site Scripting in Jenkins JUnit Plugin
ghsa·2022-06-24
CVE-2022-34176 [HIGH] CWE-79 Cross-site Scripting in Jenkins JUnit Plugin
Cross-site Scripting in Jenkins JUnit Plugin
JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.
JUnit Plugin 1119.1121.vc43d0fc45561 applies the configured markup formatter to descriptions of test results.
GHSA
GHSA-m665-jg8v-5m5r: The Simple File List WordPress plugin is vulnerable to Arbitrary File Download via the eeFile parameter found in the ~/includes/ee-downloader
ghsa_unreviewed·2022-04-20
CVE-2022-1119 [HIGH] CWE-22 GHSA-m665-jg8v-5m5r: The Simple File List WordPress plugin is vulnerable to Arbitrary File Download via the eeFile parameter found in the ~/includes/ee-downloader
The Simple File List WordPress plugin is vulnerable to Arbitrary File Download via the eeFile parameter found in the ~/includes/ee-downloader.php file due to missing controls which makes it possible unauthenticated attackers to supply a path to a file that will subsequently be downloaded, in versions up to and including 3.2.7.
Red Hat
jenkins-plugin/junit: Stored XSS vulnerability in JUnit Plugin
vendor_redhat·2022-06-23·CVSS 5.4
CVE-2022-34176 [MEDIUM] CWE-79 jenkins-plugin/junit: Stored XSS vulnerability in JUnit Plugin
jenkins-plugin/junit: Stored XSS vulnerability in JUnit Plugin
Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.
A flaw was found in the JUnit Jenkins plugin. The manipulation with an unknown input leads to a Cross-site scripting vulnerability, impacting the integrity. This flaw allows an attacker to inject arbitrary HTML and script code into the website.
Package: jenkins-2-plugins (Red Hat OpenShift Container Platform 3.11) - Will not fix
Microsoft
Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Up
vendor_msrc·2022-06-14·CVSS 5.4
CVE-2022-34176 [MEDIUM] CWE-79 Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Up
Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we
No detection rules found.
Nuclei
WordPress Simple File List <3.2.8 - Local File Inclusion
nuclei·CVSS 7.5
CVE-2022-1119 [HIGH] WordPress Simple File List <3.2.8 - Local File Inclusion
WordPress Simple File List <3.2.8 - Local File Inclusion
WordPress Simple File List before 3.2.8 is vulnerable to local file inclusion via the eeFile parameter in the ~/includes/ee-downloader.php due to missing controls which make it possible for unauthenticated attackers retrieve arbitrary files.
Template:
id: CVE-2022-1119
info:
name: WordPress Simple File List <3.2.8 - Local File Inclusion
author: random-robbie
severity: high
description: |
WordPress Simple File List before 3.2.8 is vulnerable to local file inclusion via the eeFile parameter in the ~/includes/ee-downloader.php due to missing controls which make it possible for unauthenticated attackers retrieve arbitrary files.
impact: |
An attacker can exploit this vulnerability to read sensitive files on the server, potentially le
No writeups or analysis indexed.
https://docs.google.com/document/d/1qIZXTzEpI4tO6832vk1KfsSAroT0FY2l--THlhJ8z3c/edithttps://plugins.trac.wordpress.org/browser/simple-file-list/trunk/includes/ee-downloader.php?rev=2071880https://wpscan.com/vulnerability/075a3cc5-1970-4b64-a16f-3ec97e22b606https://www.wordfence.com/threat-intel/vulnerabilities/id/ff21241d-e488-4460-b8c2-d5a070c8c107?source=cvehttps://docs.google.com/document/d/1qIZXTzEpI4tO6832vk1KfsSAroT0FY2l--THlhJ8z3c/edithttps://plugins.trac.wordpress.org/browser/simple-file-list/trunk/includes/ee-downloader.php?rev=2071880https://wpscan.com/vulnerability/075a3cc5-1970-4b64-a16f-3ec97e22b606https://www.wordfence.com/threat-intel/vulnerabilities/id/ff21241d-e488-4460-b8c2-d5a070c8c107?source=cve
2022-04-19
Published
Exploited in the wild