cleantalk
Vulnerabilities and Security Researches

Simple File List, CVE-2024-10146

CVE, Research URL

CVE-2024-10146

Home page URL

Security reports for Simple File List

Application

Simple File List

Published on
Nov 14, 2024
Research Description
The Simple File List WordPress plugin before 6.1.13 does not sanitise and escape a generated URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against admins.
Affected versions
Min -, max 6.1.13.
Status
vulnerable
Previous vulnerability researches
Simple File List (CVE-2025-47450) , May 09, 2025
Simple File List (CVE-2022-1119) , Jun 07, 2024
Simple File List (CVE-2020-12832) , Jun 07, 2024
Simple File List (CVE-2024-10146) , Nov 15, 2024
Simple File List (CVE-2022-3207) , Jun 07, 2024
New vulnerability
1 Click WordPress Migration Plugin – 100% FREE for a limited time (CVE-2025-3455) , May 10, 2025
EUCookieLaw (CVE-2025-3897) , May 10, 2025
Frontend Login and Registration Blocks (CVE-2025-3605) , May 10, 2025
WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg (CVE-2025-4206) , May 10, 2025
Top 10 – WordPress Popular posts by WebberZone (CVE-2025-47509) , May 09, 2025