CVE-2025-47450: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was identified in Mitchell Bennis Simple File List WordPress plugin, tracked as CVE-2025-47450. The vulnerability was discovered by Kévin Mosbahi (Mika) and publicly disclosed on May 7, 2025. It affects versions through 6.1.13 and allows exploiting incorrectly configured access control security levels (Wiz, Patchstack).

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.3 (Medium severity) with the vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N. This indicates that the vulnerability is network-accessible, requires low attack complexity, needs no privileges or user interaction, has unchanged scope, and can impact system integrity while having no effect on confidentiality or availability. The vulnerability is classified as CWE-862 (Missing Authorization) (Wiz).

The vulnerability allows unauthenticated attackers to modify settings in the Simple File List WordPress plugin. While the integrity impact is rated as low, the vulnerability could potentially lead to unauthorized changes in the plugin's configuration (Wiz).

Users are advised to update to Simple File List version 6.1.14 or later, which contains the fix for this vulnerability (Wiz, Patchstack).