The issue was discovered when the Simple File List team updated their plugin to version 4.4.12, which introduced a new feature for importing posts from galleries and shortcode. As part of the new functionality, the plugin now allows the admin to import posts with settings that allow unfiltered_html. This was not the case before. As such, the Simple File List team decided to make the update. The 4.5.0 version was released and shortly after 4.4.12 was released. Shortly after 4.5.0 was released, the team noticed that the new version of Simple File List introduced a new setting that allowed unfiltered_html, which was not the case before. As such, the team decided to release a new version of the plugin. The new version was 4.4.13, which introduced the new setting. The team decided to make the update, since it was not present in the old versions of the plugin. The team didn’t want to release a new version, since it was not a critical update. However, the team decided to release 4.4.13, since it was the newest version of the plugin and the team wanted people to have the latest version.

Installation and configuration of Simple File List plugin

The plugin is not a complicated one to install and configure. After you have the plugin installed, go to Settings->File List->General tab and check the “allow_unfiltered_html” option. After that, go to Settings->File List->Settings tab and click on the “Documentation” link.

How to Detect if Your WordPress Website is Vulnerable to CVE-2022-3207

The vulnerability is located in the Simple File List plugin and has been patched as of 4.4.13, which was released on 19th November 2018. The team decided to release a new version of the plugin with the latest version number, since it wasn’t present in older versions of the plugin. If you have an older version of the plugin installed on your WordPress website, it may be vulnerable to CVE-2022-3207. To find out if your website is vulnerable or not, please follow these steps:
1. Log in to your WordPress admin area
2. Navigate to Plugins > Add New
3. Search for Simple File List
4. Click Install
5. Once installation has completed, click Activate
6. You should see a green mark next to the plugin name
7. If you don't see this green mark then your website is not vulnerable

Vulnerability Discovery

Simple File List plugin allows the admin to import posts from galleries and shortcode, which was not the case before. As such, the team decided to make an update that allowed unfiltered_html. This was not the case before, but it is now. As a result, the new version of Simple File List introduced a new setting that allowed unfiltered_html, which was not present before. This version of the plugin has been released as well as all previous versions of it.

Version History

At Simple File List, we want to give our customers the best experience possible. We don’t release updates without a good reason. If something is not working properly or if there is a security issue, we will release an update. We do this in an effort to protect our customers and your sites from any potential security issues.
The team decided to release 4.4.13, since it was the newest version of the plugin and the team wanted people to have the latest version.

Timeline

Published on: 10/10/2022 21:15:00 UTC
Last modified on: 10/12/2022 17:49:00 UTC
