The Simple File List WordPress plugin is vulnerable to Arbitrary File Download via the eeFile parameter found in the ~/includes/ee-downloader.php file due to missing controls which makes it possible unauthenticated attackers to supply a path to a file that will subsequently be downloaded, in versions up to and including 3.2.7.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2022-04-19T20:26:35
Updated: 2024-08-02T23:55:23.871Z
Reserved: 2022-03-28T00:00:00
Link: CVE-2022-1119
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-04-19T21:15:13.810
Modified: 2024-11-21T06:40:05.130
Link: CVE-2022-1119
Redhat
No data.