WordPress Plugin Vulnerabilities

MP3-jPlayer < 2.5 - Local File Disclosure

Description

The MP3-jPlayer WordPress plugin was affected by a Local File Disclosure security vulnerability.

Affects Plugins

Plugin icon
mp3-jplayer
Fixed in 2.5

References

URL
https://packetstormsecurity.com/files/#130956/
URL
http://k3dsec.blogspot.com/2015/03/wordpress-plugin-mp3-jplayer-v23-local.html

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22

Miscellaneous

Submitter
pvdl
Verified
No
WPVDB ID
16bca8e2-8eaf-47d0-aee6-60547f76e404

Timeline

Publicly Published
2015-03-23 (about 11 years ago)
Added
2015-03-24 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2024-09-30
Title
LiteSpeed Cache < 6.5.1 - Author+ Path Traversal
Published
2026-05-05
Title
Fluent Forms < 6.2.2 - Admin+ Arbitrary File Read via Path Traversal
Published
2025-01-16
Title
WP Cloud <= 1.4.3 - Unauthenticated Arbitrary File Read
Published
2026-01-05
Title
BuddyPress Xprofile Custom Field Types < 1.3.0 - Authenticated (Subscriber+) Arbitrary File Deletion
Published
2024-04-05
Title
WordPress Gallery Exporter <= 1.3 - Authenticated (Administrator+) Arbitrary File Download