WordPress Plugin Vulnerabilities

GraceMedia Media Player 1.0 - Local File Inclusion (LFI)

Description

The GraceMedia Media Player WordPress plugin was affected by a Local File Inclusion (LFI) security vulnerability.

Affects Plugins

Plugin icon
gracemedia-media-player
No known fix

References

CVE
CVE-2019-9618
Exploitdb
46537
URL
https://seclists.org/fulldisclosure/2019/Mar/26

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22
CVSS
9.8 (critical)

Miscellaneous

Original Researcher
Manuel Garcia Cardenas
Submitter
Ryan Dewhurst
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
a4f5b10f-3386-45cc-9548-dd7bbea199d6

Timeline

Publicly Published
2019-03-16 (about 6 years ago)
Added
2019-03-18 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-08-27
Title
File Manager, Code Editor, and Backup by Managefy < 1.5.0 - Authenticated (Admin+) Path Traversal to Arbitrary File Download
Published
2025-07-30
Title
HT Mega – Absolute Addons For Elementor < 2.9.2 - Authenticated (Author+) Path Traversal to Limited Arbitrary CSS File Actions
Published
2025-12-11
Title
Image Gallery – Photo Grid & Video Gallery (Modula) < 2.13.4 - Missing Authorization to Arbitrary Directory Listing
Published
2012-07-10
Title
A Page Flip Book 2.3 - index.php pageflipbook_language Parameter Traversal Local File Inclusion
Published
2021-11-15
Title
All-In-One-Gallery < 2.5.0 - Admin+ Local File Inclusion