WordPress Plugin Vulnerabilities

S3Bubble Cloud Video With Adverts & Analytics <= 0.7 - Arbitrary File Download

Description

The 3bubble-amazon-s3-html-5-video-with-adverts WordPress plugin was affected by an Arbitrary File Download security vulnerability.

Affects Plugins

Plugin icon
3bubble-amazon-s3-html-5-video-with-adverts
No known fix

References

Exploitdb
37494
URL
https://packetstormsecurity.com/files/#132578/

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
a5f0dbe4-6ebd-4cad-aae8-7accd26c9743

Timeline

Publicly Published
2015-07-07 (about 10 years ago)
Added
2015-07-08 (about 10 years ago)
Last Updated
2019-10-22 (about 6 years ago)

Other

Published
Title
Published
2025-05-02
Title
Nomupay Payment Processing Gateway < 7.1.8 - Shop Manager+ Arbitrary File Download
Published
2025-10-03
Title
PixelYourSite < 11.1.2 - Admin+ LFI
Published
2025-06-04
Title
Spice Blocks < 2.0.7.5 - Unauthenticated Arbitrary File Download
Published
2026-04-20
Title
wpForo Forum < 3.0.6 - Authenticated (Subscriber+) Arbitrary File Deletion via Custom Profile Field File Path
Published
2023-12-26
Title
Ultimate Addons for Beaver Builder < 1.35.14 - Contributor+ Arbitrary File Download