Missing Authorization vulnerability in Simple File List
CVE-2023-44227

7.5HIGH

Key Information:

Vendor
WordPress
Status
Simple File List
Vendor
CVE Published:
17 April 2024

Summary

A missing authorization vulnerability exists in the Simple File List plugin by Mitchell Bennis. This security flaw affects various versions of the plugin, enabling unauthorized users to access and manipulate files without proper permissions. Users of Simple File List should take immediate action to secure their installations and review access controls to mitigate potential exploitation risks.

Affected Version(s)

Simple File List <= 6.1.9

References

https://patchstack.com/database/vulnerability/simple-file...
vdb-entry

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Rafshanzani Suhada (Patchstack Alliance)
.