WordPress Simple File List 漏洞列表

共找到 4 个与 WordPress Simple File List 相关的漏洞

📅 加载漏洞趋势中...

CVE-2022-1119: WordPress Simple File List <3.2.8 - Local File Inclusion POC

日期: 2025-09-01 | 影响软件: WordPress Simple File List

WordPress Simple File List before 3.2.8 is vulnerable to local file inclusion via the eeFile parameter in the ~/includes/ee-downloader.php due to missing controls which make it possible for unauthenticated attackers retrieve arbitrary files.
CVE-2022-1119: WordPress Simple File List <3.2.8 - Local File Inclusion POC

日期: 2025-08-01 | 影响软件: WordPress Simple File List

WordPress Simple File List before 3.2.8 is vulnerable to local file inclusion via the eeFile parameter in the ~/includes/ee-downloader.php due to missing controls which make it possible for unauthenticated attackers retrieve arbitrary files.
CVE-2025-34085: WordPress Simple File List <=4.2.2 - Remote Code Execution POC

日期: 2025-08-01 | 影响软件: WordPress Simple File List

An unrestricted file upload vulnerability in the WordPress Simple File List plugin before version 4.2.3 allows unauthenticated remote attackers to achieve remote code execution. The plugin's upload endpoint (ee-upload-engine.php) restricts file uploads based on extension, but lacks proper validation after file renaming. An attacker can first upload a PHP payload disguised as a .png file, then use the plugin’s ee-file-engine.php rename functionality to change the extension to .php. This bypasses upload restrictions and results in the uploaded payload being executable on the server.
WordPress Simple File List 插件 /wp-content/plugins/simple-file-list/ee-upload-engine.php 文件上传漏洞（CVE-2025-34085）无POC

日期: 2025-07-15 | 影响软件: WordPress Simple File List

WordPress Simple File List 插件是一款用于管理文件列表的插件，广泛应用于 WordPress 网站中。该插件的 /wp-content/plugins/simple-file-list/ee-upload-engine.php 文件存在代码执行漏洞（CVE-2025-34085）。攻击者可以通过该漏洞上传恶意文件并执行任意代码，从而完全控制受影响的 WordPress 网站。

CVE-2022-1119: WordPress Simple File List <3.2.8 - Local File Inclusion POC

CVE-2022-1119: WordPress Simple File List <3.2.8 - Local File Inclusion POC

CVE-2025-34085: WordPress Simple File List <=4.2.2 - Remote Code Execution POC

WordPress Simple File List 插件 /wp-content/plugins/simple-file-list/ee-upload-engine.php 文件上传漏洞 （CVE-2025-34085） 无POC

WordPress Simple File List 插件 /wp-content/plugins/simple-file-list/ee-upload-engine.php 文件上传漏洞（CVE-2025-34085）无POC