Simple File List

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2020-36847 CRITICAL POC PATCH THREAT Act Now

The Simple File List plugin for WordPress through version 4.2.2 contains an unauthenticated remote code execution vulnerability. Attackers can upload PHP files disguised with image extensions and then rename them back to .php using the plugin's built-in rename functionality, bypassing all upload restrictions.

PHP WordPress RCE Simple File List

NVD WPScan Exploit-DB

CVSS 3.1

9.8

EPSS

86.1%

Threat

6.0

CVE-2020-36847

EPSS 86% 6.0 CVSS 9.8

CRITICAL POC PATCH THREAT Act Now

The Simple File List plugin for WordPress through version 4.2.2 contains an unauthenticated remote code execution vulnerability. Attackers can upload PHP files disguised with image extensions and then rename them back to .php using the plugin's built-in rename functionality, bypassing all upload restrictions.

PHP WordPress RCE +1

NVD WPScan Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy