Directory Traversal Vulnerability in SE HTML5 Album Audio Player Plugin for WordPress
CVE-2015-4414

Currently unrated

Key Information:

Vendor: Wordpress
Status: Se Html5 Album Audio Player
Vendor: CVE Published:; 17 June 2015

Summary

The SE HTML5 Album Audio Player plugin for WordPress contains a directory traversal vulnerability that allows remote attackers to exploit the 'download_audio.php' file. By manipulating the file parameter with '../' sequences, an attacker could gain unauthorized access to arbitrary files on the server. This can lead to sensitive data exposure, making the application and server environment vulnerable to further attacks. Users of this plugin should upgrade to the latest version to mitigate this risk.

References

http://www.vapid.dhs.org/advisory.php?v=124

x_refsource_MISC

https://wpvulndb.com/vulnerabilities/8032

x_refsource_MISC

https://www.exploit-db.com/exploits/37274/

exploitx_refsource_EXPLOIT-DB

EPSS Score

21% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 17, 2015
Vulnerability Reserved
Jun 7, 2015