Nixpkgs security tracker

Permalink CVE-2025-22654

10.0 CRITICAL

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Changed (C)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Changed (C)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

updated 1 year, 3 months ago by @fpletz Activity log

Created suggestion 1 year, 3 months ago
@fpletz dismissed 1 year, 3 months ago

WordPress Simplified Plugin Plugin <= 1.0.6 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in kodeshpa Simplified allows Using Malicious Files. This issue affects Simplified: from n/a through 1.0.6.

References

https://patchstack.com/database/wordpress/plugin/simplified/vulnerability/wordp… vdb-entry

Affected products

simplified

=<1.0.6

Matching in nixpkgs

pkgs.gnomeExtensions.net-speed-simplified

A Net Speed extension With Loads of Customization. Fork of simplenetspeed

nixos-unstable 43
- nixpkgs-unstable 43
- nixos-unstable-small 43

pkgs.haskellPackages.phonetic-languages-simplified-base

A basics of the phonetic-languages functionality that can be groupped

nixos-unstable 0.9.0.0
- nixpkgs-unstable 0.9.0.0
- nixos-unstable-small 0.9.0.0

pkgs.haskellPackages.phonetic-languages-simplified-properties-array-common

Common functionality for 'with-tuples' and old version of properties

nixos-unstable 0.4.1.0
- nixpkgs-unstable 0.4.1.0
- nixos-unstable-small 0.4.1.0

Package maintainers

@honnip Jung seungwoo <me@honnip.page>

Suggestions search