ThreatPress

WordPress Vulnerabilities Database

Back

WordPress SE HTML5 Album Audio Player Plugin 1.1.0 - Directory Traversal

Product
SE HTML5 Album Audio Player
Description
There is a remote file download vulnerability in this plugin. The file called " download_audio.php" does not check the file path.
Solution
Upgrade the plugin.
Classification
Type Remote File Inclusion
References
Exploit-DB
CVE
Name CVE- 2015-4414
Versions
Affected In <= 1.1.0
Fixed In 1.1.1
Disclosure date
2015-06-12
Credits
Larry W. Cashdollar