Simple File List Plugin <= 3.2.4 - Unauthenticated Arbitrary File Download



Description
This vulnerability allows any user to download sensitive information through path traversal.
Authentication required: NO

Affects Plugin

Fixed in version 3.2.8

References

URL https://docs.google.com/document/d/1qIZXTzEpI4tO6832vk1KfsSAroT0FY2l--THlhJ8z3c/edit?usp=sharing
URL https://plugins.trac.wordpress.org/changeset/2093272/simple-file-list

Classification

Type TRAVERSAL
OWASP Top 10 A1: Injection
CWE CWE-22

Miscellaneous

Original Researcher Admavidhya N
Submitter Admavidhya N
Verified No
WPVDB ID 9287

Timeline

Publicly Published 2019-05-23
Added 2019-05-27
Last Updated 2019-11-24
