cleantalk
Vulnerabilities and Security Researches

Simple File List, CVE-2024-10146

CVE, Research URL

CVE-2024-10146

Home page URL

Security reports for Simple File List

Application

Simple File List

Published on
Nov 14, 2024
Research Description
The Simple File List WordPress plugin before 6.1.13 does not sanitise and escape a generated URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against admins.
Affected versions
max 6.1.13.
Status
vulnerable
Previous vulnerability researches
Simple File List (CVE-2025-34085) , Jul 13, 2025
Simple File List (CVE-2025-47450) , May 09, 2025
Simple File List (CVE-2022-1119) , Jun 07, 2024
Simple File List (CVE-2020-12832) , Jun 07, 2024
Simple File List (CVE-2024-10146) , Nov 15, 2024
New vulnerability
Visual Website Collaboration, Feedback & Project Management – Atarim (CVE-2026-25019) , Feb 27, 2026
Visual Website Collaboration, Feedback & Project Management – Atarim (CVE-2025-67993) , Feb 27, 2026
Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress (CVE-2026-24965) , Feb 27, 2026
Nelio AB Testing (CVE-2026-25378) , Feb 27, 2026
VK All in One Expansion Unit (CVE-2025-11737) , Feb 27, 2026