{"id":59460,"date":"2025-07-18T04:46:06","date_gmt":"2025-07-18T04:46:06","guid":{"rendered":""},"modified":"2025-08-29T22:44:09","modified_gmt":"2025-08-30T04:44:09","slug":"cve-2020-36847-remote-code-execution-vulnerability-in-simple-file-list-wordpress-plugin","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2020-36847-remote-code-execution-vulnerability-in-simple-file-list-wordpress-plugin\/","title":{"rendered":"CVE-2020-36847: Remote Code Execution Vulnerability in Simple-File-List WordPress Plugin<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

The Simple-File-List Plugin for WordPress, popular for file management among the WordPress community, has been found to contain a critical remote code execution vulnerability. Identified as CVE-2020-36847, this vulnerability poses a significant risk to any WordPress site using versions up to, and including, 4.2.2 of the plugin. Unauthenticated attackers can exploit this vulnerability to execute arbitrary code<\/a> on the server, potentially compromising the system and leading to data leakage.
\nThis vulnerability is of particular concern due to the high severity<\/a> score of 9.8 assigned by CVSS, which reflects its potential impact on system integrity and confidentiality. The fact that this vulnerability can be exploited without the attacker<\/a> requiring any prior authentication makes it all the more dangerous.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2020-36847
\nSeverity: Critical (CVSS: 9.8)
\nAttack Vector: Remote
\nPrivileges Required: None
\nUser Interaction: None
\nImpact: System compromise and potential data<\/a> leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n