cleantalk
Vulnerabilities and Security Researches

Simple File List, CVE-2022-1119

CVE, Research URL

CVE-2022-1119

Home page URL

Security reports for Simple File List

Application

Simple File List

Published on
Apr 20, 2022
Research Description
The Simple File List WordPress plugin is vulnerable to Arbitrary File Download via the eeFile parameter found in the ~/includes/ee-downloader.php file due to missing controls which makes it possible unauthenticated attackers to supply a path to a file that will subsequently be downloaded, in versions up to and including 3.2.7.
Affected versions
Min -, max 4.2.3.
Status
vulnerable
Previous vulnerability researches
Simple File List (CVE-2025-47450) , May 09, 2025
Simple File List (CVE-2022-1119) , Jun 07, 2024
Simple File List (CVE-2020-12832) , Jun 07, 2024
Simple File List (CVE-2024-10146) , Nov 15, 2024
Simple File List (CVE-2022-3207) , Jun 07, 2024
New vulnerability
EUCookieLaw (CVE-2025-3897) , May 10, 2025
Frontend Login and Registration Blocks (CVE-2025-3605) , May 10, 2025
WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg (CVE-2025-4206) , May 10, 2025
Top 10 – WordPress Popular posts by WebberZone (CVE-2025-47509) , May 09, 2025
Easy Replace Image (CVE-2025-47483) , May 09, 2025