CVE-2025-34085 | THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

Description

An unrestricted file upload vulnerability in the WordPress Simple File List plugin prior to version 4.2.3 allows unauthenticated remote attackers to achieve remote code execution. The plugin's upload endpoint (ee-upload-engine.php) restricts file uploads based on extension, but lacks proper validation after file renaming. An attacker can first upload a PHP payload disguised as a .png file, then use the plugin’s ee-file-engine.php rename functionality to change the extension to .php. This bypasses upload restrictions and results in the uploaded payload being executable on the server.

Reserved 2025-04-15 | Published 2025-07-09 | Updated 2025-07-09 | Assigner VulnCheck

CRITICAL: 10.0CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-434 Unrestricted Upload of File with Dangerous Type

CWE-306 Missing Authentication for Critical Function

Product status

Default status

unaffected

* before 4.2.3

affected

Credits

coiffeur finder

References

raw.githubusercontent.com/...http/wp_simple_file_list_rce.rb exploit

plugins.trac.wordpress.org/...geset/2286920/simple-file-list patch

www.wordfence.com/...ple-file-list-423-remote-code-execution third-party-advisory

web.archive.org/...3/https://wpscan.com/vulnerability/10192/ third-party-advisory

www.cybersecurity-help.cz/vdb/SB2020042711 third-party-advisory

packetstorm.news/files/id/160221 exploit

wordpress.org/plugins/simple-file-list/ product

simplefilelist.com/ product

vulncheck.com/...ories/wordpress-simple-file-list-plugin-rce third-party-advisory

cve.org (CVE-2025-34085)

nvd.nist.gov (CVE-2025-34085)

Download JSON

https://cve.threatint.eu/CVE/CVE-2025-34085

Support options

Helpdesk Chat, Email, Knowledgebase