WordPress Plugin Vulnerabilities

Simple File List < 4.2.8 - Authenticated Arbitrary File Deletion

Description

The Simple File List WordPress plugin was affected by an Authenticated Arbitrary File Deletion security vulnerability.

Affects Plugins

Plugin icon
simple-file-list
Fixed in 4.2.8

References

CVE
CVE-2020-12832
URL
https://ctulhu.me/2020/05/16/cve-2020-12832/

Classification

Type
TRAVERSAL
OWASP top 10
A1: Injection
CWE
CWE-22
CVSS
8.1 (high)

Miscellaneous

Original Researcher
Christian Angel
Verified
No
WPVDB ID
422360b9-4c70-4fd9-9833-375f1294bd7a

Timeline

Publicly Published
2020-05-16 (about 5 years ago)
Added
2020-06-03 (about 5 years ago)
Last Updated
2020-06-04 (about 5 years ago)

Other

Published
Title
Published
2022-10-28
Title
Ultimate Member < 2.5.1 - Subscriber+ RCE
Published
2022-08-29
Title
WPvivid Backup 0.9.76 - Admin+ Arbitrary File Deletion
Published
2023-09-26
Title
Welcart e-Commerce < 2.8.22 - Author+ Path Traversal
Published
2025-09-03
Title
atec Debug < 1.2.23 - Admin+ Arbitrary File Deletion
Published
2025-02-13
Title
Bit Assist < 1.5.3 - Admin+ Arbitrary File Read