CVE-2025-34085
Published Jul 9, 2025
Last updated 2 days ago
AI description
CVE-2025-34085 is an unrestricted file upload vulnerability affecting the WordPress Simple File List plugin versions prior to 4.2.3. It allows unauthenticated remote attackers to execute code on the server. The vulnerability lies within the plugin's upload endpoint (ee-upload-engine.php), which lacks proper validation after file renaming. An attacker can bypass the upload restrictions by first uploading a PHP payload disguised as a .png file, then using the rename functionality in the plugin's ee-file-engine.php to change the extension to .php, which makes the payload executable on the server.
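For defenders, the upload, rename, execute sequence described above can be hunted for in web server access logs. The following is an added example, not code from this page or from the plugin; the log lines, IP addresses, the `/PLUGIN_DIR/` and `/UPLOAD_DIR/` placeholders and the 10-minute window are constructed assumptions, and only the two endpoint file names come from the description.

```python
import re
from datetime import datetime, timedelta

# Constructed access-log lines (combined log format); IPs and directories are placeholders.
SAMPLE_LOG = """\
203.0.113.7 - - [13/Jul/2025:10:00:01 +0000] "POST /PLUGIN_DIR/ee-upload-engine.php HTTP/1.1" 200 31
203.0.113.7 - - [13/Jul/2025:10:00:03 +0000] "POST /PLUGIN_DIR/ee-file-engine.php HTTP/1.1" 200 12
203.0.113.7 - - [13/Jul/2025:10:00:05 +0000] "GET /UPLOAD_DIR/a1b2.php HTTP/1.1" 200 5
198.51.100.4 - - [13/Jul/2025:10:01:00 +0000] "POST /PLUGIN_DIR/ee-upload-engine.php HTTP/1.1" 200 31
198.51.100.4 - - [13/Jul/2025:10:01:09 +0000] "GET /UPLOAD_DIR/photo.png HTTP/1.1" 200 90210
192.0.2.9 - - [13/Jul/2025:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 512
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
STAGES = ("upload", "rename", "php_hit")  # order the description gives

def classify(method, path, upload_dir):
    """Map one request to a stage of the chain, or None if unrelated."""
    path = path.split("?", 1)[0].lower()
    if method == "POST" and path.endswith("/ee-upload-engine.php"):
        return "upload"
    if method == "POST" and path.endswith("/ee-file-engine.php"):
        return "rename"
    if path.startswith(upload_dir.lower()) and path.endswith(".php"):
        return "php_hit"  # a .php file served from the upload directory
    return None

def find_chains(log_text, upload_dir="/UPLOAD_DIR/", window=timedelta(minutes=10)):
    """Return (client_ip, php_path) for each client completing all three stages in order."""
    progress, alerts = {}, []  # ip -> (stages completed, time of the upload)
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ip, ts, method, path, status = m.groups()
        kind = classify(method, path, upload_dir)
        if kind is None or not status.startswith("2"):
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if kind == "upload":
            progress[ip] = (1, when)  # (re)start the chain for this client
        elif ip in progress and when - progress[ip][1] <= window:
            done, t0 = progress[ip]
            if kind == STAGES[done]:  # only the next expected stage advances
                progress[ip] = (done + 1, t0)
                if done + 1 == len(STAGES):
                    alerts.append((ip, path))
                    del progress[ip]
    return alerts
```

Access logs do not record POST bodies, so this correlates by request order only; any hit should be confirmed against the files actually present in the upload directory.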
- Description: Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it is a duplicate of CVE-2020-36847.
- Source: disclosure@vulncheck.com
- NVD status: Rejected
- Hype score: Not currently trending
🚨Multi-target unauthenticated RCE scanner for CVE-2025-34085 affecting WordPress Simple File List plugin. Uploads, renames, and triggers PHP webshells across large target sets. ✅https://t.co/5dpWU4BVZ5 ✅ Join Telegram For More Content: https://t.co/Pz9cWGL18l https://t.c
@wtf_brut
13 Jul 2025
2181 Impressions
8 Retweets
46 Likes
16 Bookmarks
0 Replies
0 Quotes
🚨Multi-target unauthenticated RCE scanner for CVE-2025-34085 affecting WordPress Simple File List plugin. Uploads, renames, and triggers PHP webshells across large target sets. ✅https://t.co/JovuB7QH5o https://t.co/O8CfQqHJ5t
@HackingTeam777
13 Jul 2025
374 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-34085 An unrestricted file upload vulnerability in the WordPress Simple File List plugin prior to version 4.2.3 allows unauthenticated remote attackers to achieve remote co… https://t.co/j6s9K2BiY3
@CVEnew
9 Jul 2025
142 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes