PT-2025-28831 · WordPress · Wordpress Simple File List

Coiffeur

Published

2025-07-09

Updated

2025-11-14

CVE-2025-34085

CVSS v4.0

Critical

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions: Simple File List plugin for WordPress versions prior to 4.2.3

Description: An unrestricted file upload vulnerability exists in the Simple File List plugin for WordPress. The plugin’s upload endpoint (ee-upload-engine.php) restricts file uploads based on extension but lacks proper validation after renaming. An attacker can upload a PHP payload disguised as a .png file and then use the plugin’s ee-file-engine.php rename functionality to change the extension to .php, bypassing upload restrictions and enabling execution of the uploaded payload on the server.

Recommendations: Update the Simple File List plugin to version 4.2.3 or later.

Exploit

Fix

RCE

Missing Authentication

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306CWE-434

Related Identifiers

CVE-2025-34085

Affected Products

Wordpress Simple File List

PT-2025-28831 · WordPress · Wordpress Simple File List

CVE-2025-34085

Weakness Enumeration

Related Identifiers

Affected Products

References · 23