Description

WordPress Plugin HTML5 MP3 Player with Playlist Free is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. WordPress Plugin HTML5 MP3 Player with Playlist Free version 2.6 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.7 or latest

References

http://h4x0resec.blogspot.ro/2014/11/wordpress-html5-mp3-player-with.html

http://packetstormsecurity.com/files/129286/WordPress-Html5-Mp3-Player-Full-Path-Disclosure.html

Related Vulnerabilities

WordPress Plugin OptionTree PHP Object Injection (2.7.2)

WordPress Plugin Advanced Contact form 7 DB Information Disclosure (1.6.2)

WordPress Plugin File Manager Directory Traversal (7.2.5)

MediaWiki CVE-2021-45471 Vulnerability (CVE-2021-45471)

WordPress Plugin NextScripts:Social Networks Auto-Poster Security Bypass (4.3.17)

Severity

High

Classification

CVE-2014-9177 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Information Disclosure