CVE-2025-68591
WordPress Simple File List plugin <= 6.1.15 - Broken Access Control vulnerabilityMissing Authorization vulnerability in Mitchell Bennis Simple File List simple-file-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple File List: from n/a through <= 6.1.15.
We have discovered 2,241 live websites that are affected by CVE-2025-68591.
Affected Software
| Product |  Simple File List |
| Category | Wordpress Plugins |
| Vulnerable Domains | 2,241 live websites (81% of Simple File List install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 41 versions ( 91% of all versions) |
Details
- Published - Dec 24, 2025
- Updated - Jan 20, 2026
Credits
- daroo | Patchstack Bug Bounty Program (finder)
CVE References
Website Distribution by Country
Number of websites using CVE-2025-68591 United States | 591 websites |
 Germany | 220 websites |
 GB | 217 websites |
 Italy | 137 websites |
 France | 110 websites |
 Denmark | 98 websites |
 Netherlands | 82 websites |
 Spain | 70 websites |
 Canada | 63 websites |
 Switzerland | 59 websites |
Website Distribution by TLD
Number of websites using CVE-2025-68591| .com | 518 websites |
| .org | 303 websites |
| .de | 152 websites |
| .it | 103 websites |
| .nl | 67 websites |
| .co.uk | 60 websites |
| .dk | 55 websites |
| .ch | 54 websites |
| .net | 50 websites |
| .fr | 47 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-68591
Top websites that are affected by CVE-2025-68591. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ****.*****.gov | United States | ***,*** | |
| *****************************.***.uk | GB | ***,*** | |
| ************.org | United States | ***,*** | |
| *******************.org | United States | ***,*** | |
| ******.de | United States | ***,*** | |
| **************.org | United States | ***,*** | |
| ****.****.********.edu | United States | ***,*** | |
| ********.org | United States | ***,*** | |
| ******.org | Italy | ***,*** | |
| ****.*******.gr |  Greece | ***,*** |
FAQ
A total of 2,241 websites have been identified as vulnerable to CVE-2025-68591, based on global website indexing conducted by WebTechSurvey.
The Simple File List is affected by the CVE-2025-68591 vulnerability.
Simple File List versions up to and including 6.1.15 are vulnerable to CVE-2025-68591.