CVE-2020-36847 – WordPress Simple-File-List Remote Code Execution Vulnerability

July 12, 2025

CVE ID : CVE-2020-36847

Published : July 12, 2025, 10:15 a.m. | 8 hours, 26 minutes ago

Description : The Simple-File-List Plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.2.2 via the rename function which can be used to rename uploaded PHP code with a png extension to use a php extension. This allows unauthenticated attackers to execute code on the server.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-7518 – RSFirewall! WordPress Path Traversal Vulnerability

Next Article CVE-2025-7504 – WordPress Friends Plugin PHP Object Injection Vulnerability

Twilio’s Event Triggered Journeys, OutSystem’s Agent Workbench, and more – Daily News Digest

Harness Infrastructure as Code Management expands with features that facilitate better reusability

Akka introduces platform for distributed agentic AI

Design Patterns For AI Interfaces

Xbox Cloud Gaming is getting next-gen treatment too — here’s what we expect to see in the coming months and years for cloud gamers ☁️

Windows 7 running natively on a Steam Deck is an affront to science — this tinkerer has Microsoft’s OS booting in portrait mode

“Everybody’s jobs will be affected” — but NVIDIA’s CEO believes society can think its way out of AI-related job loss

“A future has been stolen from many of us” — ZeniMax Online Studios devs will reportedly soon be hit by Microsoft’s Xbox layoffs after the MMO Phil Spencer loved was cancelled

The details of TC39’s last meeting

The details of TC39’s last meeting

How Agentic AI is Reshaping Marketing and CX Operations

We’re Moving! NodeSource Distributions Now Have a New Home – With Extended Support

Xbox Cloud Gaming is getting next-gen treatment too — here’s what we expect to see in the coming months and years for cloud gamers ☁️

Xbox Cloud Gaming is getting next-gen treatment too — here’s what we expect to see in the coming months and years for cloud gamers ☁️

Windows 7 running natively on a Steam Deck is an affront to science — this tinkerer has Microsoft’s OS booting in portrait mode

“Everybody’s jobs will be affected” — but NVIDIA’s CEO believes society can think its way out of AI-related job loss

CVE-2020-36847 – WordPress Simple-File-List Remote Code Execution Vulnerability

Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

YaST2 is a GRUB graphical configuration tool for openSUSE

CVE-2025-6120 – Assimp Heap-Based Buffer Overflow Vulnerability

CVE-2025-37786 – Linux Kernel DSA Net Use-After-Free Vulnerability

Our 20 Recommended Software Development Tools for 2025

Meta AI Proposes Multi-Token Attention (MTA): A New Attention Method which Allows LLMs to Condition their Attention Weights on Multiple Query and Key Vectors

Humanoid Policy ~ Human Policy

Double Fine announced its new game, and I’m so ready to play as a sentient lighthouse

CVE-2025-45492 – Netgear EX8000 Command Injection Vulnerability

CVE-2020-36847 – WordPress Simple-File-List Remote Code Execution Vulnerability

Related Posts