CVE-2023-44227
📋 TL;DR
This CVE describes a Missing Authorization vulnerability in the Simple File List WordPress plugin that allows unauthorized file deletion. Attackers can delete arbitrary files on affected WordPress installations. All WordPress sites using Simple File List versions up to 6.1.9 are vulnerable.
💻 Affected Systems
- Simple File List WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete website compromise through deletion of critical WordPress files, leading to site unavailability and potential data loss.
Likely Case
Selective file deletion causing website functionality disruption, content loss, or defacement.
If Mitigated
No impact if proper authorization checks are implemented or plugin is updated/disabled.
🎯 Exploit Status
Exploitation requires some level of access, but the missing authorization check makes the deletion functionality reachable by lower-privileged users. Public exploit details are available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 6.2.0 and later
Vendor Advisory: https://patchstack.com/database/vulnerability/simple-file-list/wordpress-simple-file-list-plugin-6-1-8-arbitrary-file-deletion
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find Simple File List.
4. Click 'Update Now' if available.
5. Alternatively, download version 6.2.0+ from the WordPress plugin repository and update manually.
🔧 Temporary Workarounds
Disable Simple File List Plugin
Temporarily deactivate the vulnerable plugin until patching is possible.
wp plugin deactivate simple-file-list
Restrict Plugin Access
Use WordPress role management to restrict who can access file management functionality.
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block file deletion requests to the plugin endpoints.
- Enable file integrity monitoring on WordPress directories to detect unauthorized file changes.
🔍 How to Verify
Check if Vulnerable:
Check the Simple File List version number under WordPress admin → Plugins. If the version is 6.1.9 or lower, the installation is vulnerable.
Check Version:
wp plugin get simple-file-list --field=version
Verify Fix Applied:
Verify plugin version is 6.2.0 or higher in WordPress admin panel.
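The version check above is easy to get wrong when scripted, because a plain string comparison orders "6.10.0" before "6.2.0". The following added example (not part of this advisory or of the plugin) compares the output of `wp plugin get simple-file-list --field=version` against the 6.2.0 fix version numerically; the script name and the way the version is passed in are assumptions.

```python
# Added example, not from the advisory: numeric comparison of a plugin
# version string against the fixed release named in the advisory.
import sys

FIXED_VERSION = "6.2.0"  # first patched release per the advisory


def parse_version(version):
    """Turn '6.1.9' into (6, 1, 9).

    A trailing non-numeric suffix such as '6.2.0-beta' is dropped, and
    missing components are padded with zeros so '6.2' compares as 6.2.0.
    """
    parts = []
    for piece in version.strip().split("."):
        digits = ""
        for ch in piece:
            if ch.isdigit():
                digits += ch
            else:
                break
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_vulnerable(installed_version, fixed_version=FIXED_VERSION):
    """True when the installed version predates the fixed version."""
    return parse_version(installed_version) < parse_version(fixed_version)


def lexical_says_vulnerable(installed_version, fixed_version=FIXED_VERSION):
    """The naive string comparison, kept only to show why it is wrong."""
    return installed_version < fixed_version


if __name__ == "__main__":
    # Assumed usage: wp plugin get simple-file-list --field=version | python check_sfl.py
    installed = sys.argv[1] if len(sys.argv) > 1 else sys.stdin.read()
    verdict = "VULNERABLE" if is_vulnerable(installed) else "patched"
    print(f"Simple File List {installed.strip()}: {verdict}")
```

Run it as `wp plugin get simple-file-list --field=version | python check_sfl.py`; a hypothetical 6.10.0 release is correctly reported as patched, whereas the lexical comparison would flag it as vulnerable.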
📡 Detection & Monitoring
Log Indicators:
- Unusual file deletion events in WordPress or web server logs
- POST requests to /wp-content/plugins/simple-file-list/ with file deletion parameters
Network Indicators:
- HTTP requests to Simple File List endpoints with file deletion parameters from unauthorized users
SIEM Query:
web_access_logs WHERE uri LIKE '%simple-file-list%' AND (method = 'POST' OR parameters CONTAINS 'delete' OR parameters CONTAINS 'remove')
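The SIEM query above expressed as detection logic over web server access logs, as an added example that is not part of this advisory: it parses combined-format lines and flags requests to the plugin path that are either POSTs or carry a parameter name or value containing "delete" or "remove". The log lines are constructed samples, and the endpoint file name under /wp-content/plugins/simple-file-list/ is a placeholder, not a real plugin file.

```python
# Added example, not from the advisory: flag Simple File List requests that
# look like file deletions, mirroring the page's SIEM query.
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in combined log format (placeholder endpoint name).
SAMPLE_LOG = """\
203.0.113.10 - - [10/Oct/2023:12:00:01 +0000] "GET /wp-content/plugins/simple-file-list/example-endpoint.php?file=report.pdf HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.11 - - [10/Oct/2023:12:00:02 +0000] "POST /wp-content/plugins/simple-file-list/example-endpoint.php HTTP/1.1" 200 87 "-" "python-requests/2.31"
203.0.113.11 - - [10/Oct/2023:12:00:03 +0000] "GET /wp-content/plugins/simple-file-list/example-endpoint.php?remove=uploads/report.pdf HTTP/1.1" 200 64 "-" "python-requests/2.31"
198.51.100.7 - - [10/Oct/2023:12:00:04 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:12:00:05 +0000] "POST /wp-admin/admin-ajax.php?action=delete HTTP/1.1" 200 12 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

DELETE_WORDS = ("delete", "remove")


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def deletion_reason(entry):
    """Why this request matches the query, or None if it does not."""
    target = entry["target"]
    if "simple-file-list" not in target:
        return None
    if entry["method"] == "POST":
        return "POST to plugin endpoint"
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    for name, values in params.items():
        blob = (name + " " + " ".join(values)).lower()
        if any(word in blob for word in DELETE_WORDS):
            return f"deletion parameter {name!r}"
    return None


def find_deletion_requests(log_text):
    """Return one record per suspicious request, in log order."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reason = deletion_reason(entry)
        if reason:
            hits.append({
                "ip": entry["ip"],
                "method": entry["method"],
                "target": entry["target"],
                "status": entry["status"],
                "reason": reason,
            })
    return hits


if __name__ == "__main__":
    for hit in find_deletion_requests(SAMPLE_LOG):
        print(f"{hit['ip']} {hit['method']} {hit['target']} -> {hit['reason']}")
```

The benign download on the first line is not flagged, the POST and the "remove" parameter from 203.0.113.11 are. Note that the last sample line, a POST to admin-ajax.php, is deliberately missed: the query keys on the plugin path, so if deletion actions are routed through WordPress AJAX the URI filter needs to be widened accordingly.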