WordPress Plugin Vulnerabilities
Simple File List < 3.2.8 - Unauthenticated Arbitrary File Download
Description
The plugin is vulnerable to Arbitrary File Download via the eeFile parameter found in the ~/includes/ee-downloader.php file due to missing controls which makes it possible unauthenticated attackers to supply a path to a file that will subsequently be downloaded
Affects Plugins
References
Classification
Type
FILE DOWNLOAD
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Bernardo Rodrigues
Verified
No
WPVDB ID
Timeline
Publicly Published
2019-06-02 (about 5 years ago)
Added
2022-03-29 (about 2 years ago)
Last Updated
2022-04-13 (about 2 years ago)