CVE Tools

CVE-2020-36847

Simple File List < 4.2.3 - Remote Code Execution

Published: Jul 12, 2025Updated: Jul 29, 2025 Sources: CVE List NVDCWE-434

Description

The Simple-File-List Plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.2.2 via the rename function which can be used to rename uploaded PHP code with a png extension to use a php extension. This allows unauthenticated attackers to execute code on the server.

In plain language

AI Act now

Simple File List (a WordPress plugin) before 4.2.3 lets an attacker upload a disguised file and run code on your server without any login—this is serious and should worry typical small businesses using the plugin.

Executive summary

CVE-2020-36847 is an unauthenticated Remote Code Execution in the Simple File List WordPress plugin (versions up to 4.2.2) where attackers can upload a malicious PHP file disguised as an image and abuse the file-rename behavior to execute arbitrary code on the server.

If affected, business impact
Webshell installed on websiteFull site compromiseCustomer data exposureBusiness disruption

What to do now

  1. Check whether your WordPress site has the “Simple File List” plugin installed and active, and note its exact version number.
  2. If the plugin version is 4.2.2 or older (anything before 4.2.3), update it to 4.2.3.
  3. If you cannot update right away, temporarily disable and remove the Simple File List plugin until it can be updated.
  4. After updating, verify the site’s uploaded files and web-accessible directories don’t contain unexpected .php files or webshell-like scripts, and review server/web logs for suspicious uploads or rename activity.
composer require simple-file-list/simple-file-list:^4.2.3
Patch / advisory Usually a quick update

CVSS Vector Breakdown

AV:NAC:LPR:NUI:NS:UC:HI:HA:H
Exploitability
AV:NAttack Vector
Network
AC:LAttack Complexity
Low
PR:NPrivileges Required
None
UI:NUser Interaction
None
Scope
S:UScope
Unchanged
Impact
C:HConfidentiality
High
I:HIntegrity
High
A:HAvailability
High

Weaknesses

Affected Products

eemitch
oss-projectaka simple file list
simplefilelist
commercialaka simple file list, simple-file-list

Exploitability

2 exploit sources identified

Exploit details including PoC links, Metasploit modules, and scanner templates are available after registration.

View exploit details
Official Patch Available

Attack Graph

Products CVE Techniques Tactics

Click technique nodes for MITRE ATT&CK details · drag to pan · Ctrl/ + scroll to zoom, or go fullscreen.

MITRE ATT&CK

3 techniques
Command and Control
Initial Access
Persistence
View detailed technique mapping

References

and 2 more references View all →
2

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2020-36847 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows