cleantalk
Vulnerabilities and Security Researches

Simple File List, CVE-2023-1025

CVE, Research URL

CVE-2023-1025

Home page URL

Security reports for Simple File List

Application

Simple File List

Published on
Mar 27, 2023
Research Description
The Simple File List WordPress plugin before 6.0.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions
Min -, max 3.2.8.
Status
vulnerable
Previous vulnerability researches
Simple File List (CVE-2025-34085) , Jul 13, 2025
Simple File List (CVE-2025-47450) , May 09, 2025
Simple File List (CVE-2022-1119) , Jun 07, 2024
Simple File List (CVE-2020-12832) , Jun 07, 2024
Simple File List (CVE-2024-10146) , Nov 15, 2024
New vulnerability
WP Register Profile With Shortcode (CVE-2025-4593) , Jul 13, 2025
Simple File List (CVE-2025-34085) , Jul 13, 2025
Pakke Envíos (CVE-2025-52819) , Jul 13, 2025
Gwolle Guestbook (CVE-2025-5807) , Jul 13, 2025
Tennis Court Bookings (CVE-2025-52787) , Jul 13, 2025