WordPress Plugin Vulnerabilities

Simple File List Plugin < 3.2.8 - Unauthenticated Arbitrary File Download

Description

This vulnerability allows any user to download sensitive information by traversing the path
Authentication required: NO

Affects Plugins

Plugin icon
simple-file-list
Fixed in 3.2.8

References

URL
https://docs.google.com/document/d/1qIZXTzEpI4tO6832vk1KfsSAroT0FY2l--THlhJ8z3c/edit?usp=sharing
URL
https://plugins.trac.wordpress.org/changeset/2093272/simple-file-list

Classification

Type
TRAVERSAL
OWASP top 10
A1: Injection
CWE
CWE-22

Miscellaneous

Original Researcher
Admavidhya N
Submitter
Admavidhya N
Verified
No
WPVDB ID
075a3cc5-1970-4b64-a16f-3ec97e22b606

Timeline

Publicly Published
2019-05-23 (about 4 years ago)
Added
2019-05-27 (about 4 years ago)
Last Updated
2019-11-24 (about 4 years ago)

Other

Published
Title
Published
2022-08-22
Title
WPvivid Backup < 0.9.76 - Admin+ Arbitrary File Read
Published
2021-07-24
Title
AceIDE <= 2.6.2 - Authenticated (admin+) Arbitrary File Access
Published
2022-09-14
Title
Enable Media Replace < 4.0.0 - Admin+ Path Traversal
Published
2023-05-23
Title
WordPress File Upload < 4.19.2 - Admin+ Path Traversal
Published
2024-01-03
Title
WP Compress < 6.10.34 - Unauthenticated Arbitrary File Read