← Volver a CVEs
CVE-2020-36847
CRITICAL9.8
Descripcion
The Simple-File-List Plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.2.2 via the rename function which can be used to rename uploaded PHP code with a png extension to use a php extension. This allows unauthenticated attackers to execute code on the server.
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado7/12/2025
Ultima modificacion7/29/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
simplefilelist:simple_file_list
Debilidades (CWE)
CWE-434
Referencias
https://packetstormsecurity.com/files/160221/(security@wordfence.com)
https://plugins.trac.wordpress.org/changeset/2286920/simple-file-list(security@wordfence.com)
https://wpscan.com/vulnerability/365da9c5-a8d0-45f6-863c-1b1926ffd574/(security@wordfence.com)
https://www.cybersecurity-help.cz/vdb/SB2020042711(security@wordfence.com)
https://www.wordfence.com/threat-intel/vulnerabilities/id/9eb835fd-6ebf-4162-856c-0366b663a07e?source=cve(security@wordfence.com)
https://wpscan.com/vulnerability/365da9c5-a8d0-45f6-863c-1b1926ffd574/(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.