Path Traversal Vulnerability in Simple File List by Mitchell Bennis
CVE-2025-54021

7.5HIGH

Key Information:

Vendor: WordPress
Status: Simple File List
Vendor: CVE Published:; 20 August 2025

What is CVE-2025-54021?

A path traversal vulnerability exists in the Simple File List plugin developed by Mitchell Bennis, enabling unauthorized users to access restricted directories and files. This flaw allows malicious actors to exploit the plugin across versions up to and including 6.1.14, potentially leading to arbitrary file downloads and further security compromises. It is crucial for users to update and secure their installations to mitigate risks associated with this vulnerability.

Affected Version(s)

Simple File List <= 6.1.14

References

https://patchstack.com/database/wordpress/plugin/simple-f...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 20, 2025
Vulnerability Reserved
Jul 16, 2025

Credit

Phat RiO - BlueRock (Patchstack Alliance)

WordPress

What is CVE-2025-54021?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit