Simplefilelist Simple-file-list — known CVE vulnerabilities
Every CVE whose affected-product data names Simplefilelist Simple-file-list, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2020-12832 — CVSS 9.8 (critical): WordPress Plugin Simple File List before 4.2.8 is prone to a vulnerability that lets attackers delete arbitrary files because the…
CVE-2022-1119 — CVSS 7.5 (high): The Simple File List WordPress plugin is vulnerable to Arbitrary File Download via the eeFile parameter found in the ~/includes/ee-downloade…
CVE-2022-3208 — CVSS 6.5 (medium): The Simple File List WordPress plugin before 4.4.12 does not implement nonce checks, which could allow attackers to make a logged in admin…
CVE-2022-3062 — CVSS 6.1 (medium): The Simple File List WordPress plugin before 4.4.12 does not escape parameters before outputting them back in attributes, leading to…
CVE-2022-3207 — CVSS 4.8 (medium): The Simple File List WordPress plugin before 4.4.12 does not sanitise and escape some of its settings, which could allow high privilege…