Login
9 Oct 2023

Full Path Disclosure Vulnerability in Simple File List

Hackers were recently probing for usage of the WordPress plugin Simple File List. While looking into a security change made in the latest version of the plugin, we found that as of the previous version, there was a full path disclosure vulnerability in the plugin. That type of vulnerability displays the full path of the file system of the website. That information can sometimes be combined with another vulnerability or it could disclose server usernames.

...

This post provides insights on a vulnerability in a WordPress plugin not discovered by us, where the discoverer hadn't provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so the rest of its contents are limited to subscribers of our service.

If you were using our service, you would have already been warned about this vulnerability if your website is vulnerable due to it. You can try out our service for free and then see the rest of the details of the vulnerability.

For existing customers, please log in to your account to view the contents of the post.

No related posts.

Plugin Security Scorecard Grade for Simple File List

Checked on August 24, 2024
C+

See issues causing the plugin to get less than A+ grade

Leave a Reply

Your email address will not be published. Required fields are marked *