PatchSiren

CVE-2026-11912 eemitch CVE debrief

The Simple File List plugin for WordPress, up to and including version 6.3.7, is vulnerable to arbitrary file modification. The flaw allows unauthenticated attackers to delete and modify files on the server, even when the administrator has not enabled the AllowFrontManage setting. It arises from insufficient authorization checks: a flawed is_admin() check short-circuits the guard before the setting is ever evaluated. Given the high CVSS score of 7.5, defenders should prioritize patching. Any WordPress site running an affected plugin version is exposed, with sites that run outdated or unpatched plugins at greatest risk.

Vendor: eemitch
Product: Simple File List
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-20
Original CVE updated: 2026-06-22
Advisory published: 2026-06-20
Advisory updated: 2026-06-22

Who should care

Administrators and security teams responsible for WordPress installations, particularly those using the Simple File List plugin, should be aware of this vulnerability. Given the high severity and potential for exploitation, immediate attention is necessary to assess and mitigate risk. This includes reviewing plugin versions, updating to patched versions, and monitoring for suspicious activity.

Technical summary

The Simple File List plugin for WordPress is vulnerable to arbitrary file modification (CVE-2026-11912). The vulnerability exists because of insufficient authorization checks in all versions up to, and including, 6.3.7, allowing unauthenticated attackers to modify and delete files on the server. The plugin's is_admin() check does not prevent exploitation: the guard is bypassed before the AllowFrontManage setting is evaluated, so the setting offers no protection. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N, which yields the high severity score of 7.5 (network-reachable, no privileges or user interaction required, high integrity impact).
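To make the root cause concrete for code reviewers, the following is an added illustrative example, not the plugin's own code: a guard that relies on is_admin() and short-circuits before reading the setting, beside a hardened form of the same guard. The option name, AJAX action name and required capability are assumptions chosen for the illustration.

```php
<?php
// Added example (hypothetical names, not taken from the plugin). It shows why
// is_admin() is unsuitable as an authorization gate and how to write the guard
// so the explicit AllowFrontManage-style setting is always consulted.
//
// WordPress documents that is_admin() only reports whether the request targets an
// admin-side URL. It says nothing about who is making the request, and admin-ajax.php
// counts as an admin-side URL, so is_admin() can be true for an anonymous request.

// Flawed pattern: because is_admin() is true for the request, the right-hand operand
// is never evaluated and the setting never influences the decision.
function sfl_guard_flawed() {
    if ( ! is_admin() && 'YES' !== get_option( 'sfl_allow_front_manage' ) ) {
        wp_send_json_error( 'not allowed', 403 ); // dies
    }
    // ... file delete/modify would proceed here
}

// Hardened pattern: decide on identity and capability first, then on the explicit
// setting, then on a nonce bound to this action. is_admin() plays no part at all.
function sfl_guard_hardened() {
    // File modification always requires a logged-in user holding the capability;
    // the front-management setting may widen *where* the action is offered, not *who*.
    if ( ! is_user_logged_in() || ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'not allowed', 403 );
    }

    // Read the setting unconditionally so its value is always part of the decision.
    $front_manage_enabled = ( 'YES' === get_option( 'sfl_allow_front_manage' ) );
    if ( ! $front_manage_enabled && ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'front management disabled', 403 );
    }

    // CSRF protection: nonce must match this specific action (dies on failure).
    check_ajax_referer( 'sfl_file_action', 'nonce' );

    // ... file delete/modify may proceed here
}

// Register only the authenticated hook (wp_ajax_*); there is deliberately no
// wp_ajax_nopriv_* registration, so anonymous requests never reach the handler.
add_action( 'wp_ajax_sfl_file_action', 'sfl_guard_hardened' );
```

When auditing a plugin for this class of flaw, search for is_admin() used in the same condition as a capability or setting check; the hardened form above is the pattern to compare against.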

Defensive priority

High priority due to potential for unauthenticated file modification and high CVSS score.

Recommended defensive actions

  • Update the Simple File List plugin to a patched version beyond 6.3.7.
  • Review and restrict file access permissions on the server.
  • Monitor WordPress site files for unauthorized modifications.
  • Implement a Web Application Firewall (WAF) to detect and block suspicious file modification attempts.
  • Regularly update and audit all WordPress plugins and themes.

Evidence notes

The primary evidence for this vulnerability comes from the CVE record and details provided by the National Vulnerability Database (NVD). The vulnerability is confirmed to affect the Simple File List plugin up to version 6.3.7. The is_admin() check bypass and insufficient authorization are key factors in the vulnerability's impact. Defenders should verify plugin versions and monitor for suspicious file modifications.

This article is AI-assisted and based on the supplied source corpus.