Unknown Simple File List vulnerabilities

CVE-2024-10146 [MEDIUM] CWE-79 CVE-2024-10146: The Simple File List WordPress plugin before 6.1.13 does not sanitise and escape a generated URL bef The Simple File List WordPress plugin before 6.1.13 does not sanitise and escape a generated URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against admins.

CVE-2023-1025 [MEDIUM] CWE-79 CVE-2023-1025: The Simple File List WordPress plugin before 6.0.10 does not sanitise and escape some of its setting The Simple File List WordPress plugin before 6.0.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVE-2022-3207 [MEDIUM] CWE-79 CVE-2022-3207: The Simple File List WordPress plugin before 4.4.12 does not sanitise and escape some of its setting The Simple File List WordPress plugin before 4.4.12 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

CVE-2022-3208 [MEDIUM] CWE-352 CVE-2022-3208: The Simple File List WordPress plugin before 4.4.12 does not implement nonce checks, which could all The Simple File List WordPress plugin before 4.4.12 does not implement nonce checks, which could allow attackers to make a logged in admin create new page and change it's content via a CSRF attack.

CVE-2022-3062 [MEDIUM] CWE-79 CVE-2022-3062: The Simple File List WordPress plugin before 4.4.12 does not escape parameters before outputting the The Simple File List WordPress plugin before 4.4.12 does not escape parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting