{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T23:36:13.705","vulnerabilities":[{"cve":{"id":"CVE-2020-36847","sourceIdentifier":"security@wordfence.com","published":"2025-07-12T10:15:24.770","lastModified":"2025-07-29T20:37:27.933","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The Simple-File-List Plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.2.2 via the rename function which can be used to rename uploaded PHP code with a png extension to use a php extension. This allows unauthenticated attackers to execute code on the server."},{"lang":"es","value":"El complemento Simple-File-List para WordPress es vulnerable a la ejecución remota de código en versiones hasta la 4.2.2 incluida, a través de la función de cambio de nombre, que permite renombrar código PHP subido con extensión PNG para usar una extensión PHP. Esto permite a atacantes no autenticados ejecutar código en el servidor."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:simplefilelist:simple_file_list:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"4.2.3","matchCriteriaId":"2AA3F2B1-0A2D-4538-AE6E-DA7F2BE8C82E"}]}]}],"references":[{"url":"https://packetstormsecurity.com/files/160221/","source":"security@wordfence.com","tags":["Exploit"]},{"url":"https://plugins.trac.wordpress.org/changeset/2286920/simple-file-list","source":"security@wordfence.com","tags":["Patch"]},{"url":"https://wpscan.com/vulnerability/365da9c5-a8d0-45f6-863c-1b1926ffd574/","source":"security@wordfence.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.cybersecurity-help.cz/vdb/SB2020042711","source":"security@wordfence.com","tags":["Third Party Advisory"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9eb835fd-6ebf-4162-856c-0366b663a07e?source=cve","source":"security@wordfence.com","tags":["Third Party Advisory"]},{"url":"https://wpscan.com/vulnerability/365da9c5-a8d0-45f6-863c-1b1926ffd574/","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]}]}}]}