The Simple File List WordPress plugin prior to 4.4.12 does not implement nonce checks, which could allow malicious users to make a logged in admin create new page and change it's content via a CSRF attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
simplefilelist simple-file-list |