Simple File List Plugin <= 3.2.4 – Authenticated Arbitrary File Delete

Affects Plugins

simple-file-list

Fixed in 3.2.5

References

URL

https://docs.google.com/document/d/11KLjuMaHLjPBf2R-Af1R01JNebD5mLRDBnCadmNmC_M/edit?usp=sharing

URL

https://plugins.trac.wordpress.org/changeset/2093272/simple-file-list

Classification

Type

TRAVERSAL

OWASP top 10

A1: Injection

CWE

CWE-22

Miscellaneous

Original Researcher

Admavidhya N

Submitter

Admavidhya N

Verified

No

WPVDB ID

38119afe-f308-40e3-a8b8-06f3a4011bcd

Timeline

Publicly Published

2019-05-23 (about 6 years ago)

Added

2019-05-27 (about 6 years ago)

Last Updated

2019-11-07 (about 6 years ago)

Other

Published

Title

Published

2019-01-25

Title

Health Check & Troubleshooting <= 1.2.3 - Authenticated Path Traversal

Published

2024-03-04

Title

File Manager And File Manager Pro (Multiple Versions) - Directory Traversal

Published

2025-09-16

Title

OrderConvo < 14 - Unauthenticated Arbitrary File Read

Published

2023-06-22

Title

Ninja Forms < 3.6.25 - Admin+ Arbitrary File Deletion

Published

2021-12-01

Title

OMGF < 4.5.12 - Admin+ Arbitrary Folder Deletion via Path Traversal