Missing Authorization vulnerability in Simple File List
CVE-2023-44227

7.5HIGH

Key Information:

Vendor: WordPress
Status: Simple File List
Vendor: CVE Published:; 17 April 2024

What is CVE-2023-44227?

A missing authorization vulnerability exists in the Simple File List plugin by Mitchell Bennis. This security flaw affects various versions of the plugin, enabling unauthorized users to access and manipulate files without proper permissions. Users of Simple File List should take immediate action to secure their installations and review access controls to mitigate potential exploitation risks.

Affected Version(s)

Simple File List <= 6.1.9

References

https://patchstack.com/database/vulnerability/simple-file...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2024
Vulnerability Reserved
Sep 27, 2023

Credit

Rafshanzani Suhada (Patchstack Alliance)

WordPress

What is CVE-2023-44227?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit