CVE-2022-1119 Scanner
Detects 'Arbitrary File Download' vulnerability in Simple File List plugin for WordPress affects v. up to and including 3.2.7.
Short Info
Level
High
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
29 days
Scan only one
URL
Toolbox
-
The Simple File List plugin for WordPress is a popular tool used to display lists of files on websites. It is a useful extension for websites that require file sharing among users, such as file repositories, business websites, or educational institutions. With this plugin, website owners have an easy way to create file lists that can be sorted, filtered, and searched by users.
CVE-2022-1119 is a serious vulnerability detected in the Simple File List plugin for WordPress. The vulnerability is related to the eeFile parameter found in the ~/includes/ee-downloader.php file, which allows unauthenticated attackers to download any file from the affected website. This vulnerability can lead to the unauthorized access and disclosure of sensitive information, including personal data, passwords, and confidential documents.
When exploited, the CVE-2022-1119 vulnerability can have disastrous consequences for website owners, users, and visitors. Cybercriminals can use this vulnerability to gain access to sensitive data and steal users' personal information. Moreover, they can use the downloaded files to inject malware, spyware, or ransomware into the affected system. This can lead to further damage, data losses, and financial losses for the website owners and users.
At s4e.io, we provide a wide range of security solutions to help website owners protect their digital assets effectively. Our pro features include vulnerability scanning, malware removal, and security monitoring, all designed to keep websites safe and secure. By using our professional services, you can easily and quickly learn about vulnerabilities in your digital assets and take steps to protect yourself from potential cyber attacks. Don't wait until it's too late, visit s4e.io today to secure your website.
REFERENCES
- https://docs.google.com/document/d/1qIZXTzEpI4tO6832vk1KfsSAroT0FY2l--THlhJ8z3c/edit
- https://plugins.trac.wordpress.org/browser/simple-file-list/trunk/includes/ee-downloader.php?rev=2071880
- https://wpscan.com/vulnerability/075a3cc5-1970-4b64-a16f-3ec97e22b606
- https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1119