Eemitch Simple File List vulnerabilities
5 known vulnerabilities affecting eemitch/simple_file_list.
Total CVEs: 5
CISA KEV: 0
Public exploits: 2
Exploited in wild: 2
Severity breakdown: CRITICAL 1, HIGH 3, MEDIUM 1
Vulnerabilities
CVE-2020-36847 | P1 | CRITICAL | CVSS 9.8 | CWE-434 | Exploited | PoC | fixed in 4.2.3 | 2025-07-12
The Simple-File-List Plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.2.2 via the rename function which can be used to rename uploaded PHP code with a png extension to use a php extension. This allows unauthenticated attackers to execute code on the server.
Source: NVD
CVE-2022-1119 | P2 | HIGH | CVSS 7.5 | CWE-22 | Exploited | PoC | ≤ 3.2.7 | 2022-04-19
The Simple File List WordPress plugin is vulnerable to Arbitrary File Download via the eeFile parameter found in the ~/includes/ee-downloader.php file due to missing controls, which makes it possible for unauthenticated attackers to supply a path to a file that will subsequently be downloaded, in versions up to and including 3.2.7.
Source: NVD
CVE-2026-11911 | P3 | HIGH | CVSS 7.5 | CWE-22 | ≤ 6.3.7 | 2026-06-20
The Simple File List plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the eeSFL_DeleteFile function in all versions up to, and including, 6.3.7. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the ri
Source: NVD
CVE-2026-11912 | P3 | HIGH | CVSS 7.5 | CWE-862 | ≤ 6.3.7 | 2026-06-20
The Simple File List plugin for WordPress is vulnerable to arbitrary file modification due to insufficient authorization checks in all versions up to, and including, 6.3.7. This makes it possible for unauthenticated attackers to delete and modify files on the server. This vulnerability is exploitable even when the administrator has not enabled the Allo
Source: NVD
CVE-2026-12119 | P3 | MEDIUM | CVSS 6.5 | CWE-862 | ≤ 6.3.7 | 2026-06-20
The Simple File List plugin for WordPress is vulnerable to unauthorized file operations due to a missing authorization check on the 'frontmanage' shortcode attribute in all versions up to, and including, 6.3.7. This makes it possible for authenticated attackers, with contributor-level access and above, to perform arbitrary file operations including
Source: NVD