cleantalk
Vulnerabilities and Security Researches

Simple File List, CVE-2020-36847

CVE, Research URL

CVE-2020-36847

Home page URL

Security reports for Simple File List

Application

Simple File List

Published on
Jul 12, 2025
Research Description
The Simple-File-List Plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.2.2 via the rename function which can be used to rename uploaded PHP code with a png extension to use a php extension. This allows unauthenticated attackers to execute code on the server.
Affected versions
max 4.2.3.
Status
vulnerable
Previous vulnerability researches
WP GDPR Cookie Consent (CVE-2026-8977) , Jun 10, 2026
WP GDPR Cookie Consent (CVE-2025-53316) , Jul 02, 2025
WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) (CVE-2025-66075) , Dec 11, 2025
WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) (CVE-2025-66133) , Jan 10, 2026
WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) (CVE-2025-14061) , Jan 10, 2026
New vulnerability
Dracula Dark Mode – Smooth Dark Mode & Enhanced Accessibility for WordPress (CVE-2023-33999) , Jun 13, 2026
Tablesome – Responsive Table, Email Log, Form Automation – Contact Form 7, Elementor, WPForms, Gravity Forms, Fluen (CVE-2023-33999) , Jun 13, 2026
Coming Soon Pages for WordPress – Coming Soon Booster (CVE-2023-33999) , Jun 13, 2026
Floating Awesome Button (Sticky Button & Popup) – CTA, Back to Top, Shortcodes, Widget, & More (CVE-2023-33999) , Jun 13, 2026
WooCommerce Bulk Edit Products – WP Sheet Editor (CVE-2023-33999) , Jun 13, 2026