• Product: Simple File List
• Vendor: https://elementengage.com
• Vulnerable Version: Simple File List < 4.2.7
• Category: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
• Vendor Notified: 2020-05-03
• Patched: May 11 2020
• Researcher(s): Christian Angel
• CVE: CVE-2020-12832

Simple File List is a free plugin that gives your WordPress website a list of your files, allowing your users to open and download them. Users can also upload files if you choose. Simple File List is also an alternative to using FTP or Dropbox for larger files.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12832

https://plugins.trac.wordpress.org/changeset/2302759