WordPress Plugin Vulnerabilities

HTML5 MP3 Player with Playlist < 2.8.0 - Full Path Disclosure (FPD)

Description

The HTML5 MP3 Player with Playlist Free WordPress plugin was affected by a Full Path Disclosure (FPD) security vulnerability.

Affects Plugins

Plugin icon
html5-mp3-player-with-playlist
Fixed in 2.8.0

References

CVE
CVE-2014-9177
URL
https://packetstormsecurity.com/files/#129286/
URL
https://plugins.trac.wordpress.org/changeset/1034912/

Classification

Type
FPD
OWASP top 10
A6: Security Misconfiguration
CWE
CWE-209
CVSS
5.3 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
Yes
WPVDB ID
02225359-915d-4a8d-a820-384b1753f384

Timeline

Publicly Published
2014-11-27 (about 11 years ago)
Added
2014-11-27 (about 11 years ago)
Last Updated
2021-03-08 (about 5 years ago)

Other

Published
Title
Published
2014-08-01
Title
Spam Free Plugin 1.9.2 - Multiple Script Direct Request Path Disclosure
Published
2025-02-11
Title
AForms Eats < 1.3.2 - Unauthenticated Full Path Disclosure
Published
2014-08-01
Title
Dewplayer <= 1.2 - dewplayer.php Direct Request Path Disclosure Weakness
Published
2014-08-01
Title
Q and A - Multiple Scripts Direct Request Path Disclosure
Published
2023-09-25
Title
Vrm 360 3D Model Viewer <= 1.2.1 - Full Path Disclosure