Vulnerability Monitor

CVE-2020-36847


The Simple-File-List Plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.2.2 via the rename function, which can be used to rename uploaded PHP code with a png extension to use a php extension. This allows unauthenticated attackers to execute code on the server.


Published: 2025-07-12T10:15:24.770

Last Modified: 2025-07-29T20:37:27.933

Status: Analyzed

Source: [email protected]

Severity: CVSSv3.1: 9.8 (CRITICAL)

Weaknesses
  • Type: Secondary
    CWE-434

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | simplefilelist | simple_file_list | < 4.2.3 | Yes |
