ThreatPress

WordPress Vulnerabilities Database

Back

WordPress HTML5 MP3 Player with Playlist Free Plugin <= 2.6 - Full Path Disclosure

Product
HTML5 MP3 Player with Playlist Free
Description
Because of this vulnerability, the attackers can obtain the installation path via a request to html5plus/playlist.php.
Solution
Upgrade the plugin.
Classification
Type Full path disclosure (FPD)
References
CVE Mitre
CVE
Name CVE-2014-9177
Versions
Affected In <= 2.6
Fixed In 2.7
Disclosure date
2014-12-02
Credits
KnocKout