Missing Authorization in Simple File List by Mitchell Bennis
CVE-2025-68591

Currently unrated

Key Information:

Vendor

WordPress
Status
Simple File List
Vendor
CVE Published:
24 December 2025

What is CVE-2025-68591?

A missing authorization vulnerability has been identified in the Simple File List plugin by Mitchell Bennis, allowing attackers to exploit improperly configured access control security levels. This can lead to unauthorized users gaining access to files or sensitive information stored within the application. Users of Simple File List versions n/a through 6.1.15 are advised to review their access control settings and apply necessary updates to mitigate potential risks.

Affected Version(s)

Simple File List <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/simp...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

daroo | Patchstack Bug Bounty Program
JSON
.
CVE-2025-68591 : Missing Authorization in Simple File List by Mitchell Bennis