CVE-2020-12832

Name of the Vulnerable Software and Affected Versions WordPress Plugin Simple File List versions prior to 4.2.8

Description The issue arises from the application's failure to properly verify user-supplied input, allowing attackers to delete arbitrary files. This is particularly problematic in cases where front-side file management occurs on a non-Linux platform, as the plugin mishandles a .. sequence within a pathname.

Recommendations For WordPress Plugin Simple File List versions prior to 4.2.8, update to version 4.2.8 or later to resolve the issue. As a temporary workaround, consider restricting file management capabilities to trusted users or disabling front-side file management until the update is applied.