Description
WordPress Plugin HTML5 MP3 Player with Playlist Free is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. WordPress Plugin HTML5 MP3 Player with Playlist Free version 2.6 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.7 or latest
References
http://h4x0resec.blogspot.ro/2014/11/wordpress-html5-mp3-player-with.html
http://packetstormsecurity.com/files/129286/WordPress-Html5-Mp3-Player-Full-Path-Disclosure.html
Related Vulnerabilities
XWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-29213)
PostgreSQL Uncontrolled Search Path Element Vulnerability (CVE-2020-14349)
Oracle JRE CVE-2022-21283 Vulnerability (CVE-2022-21283)
MySQL CVE-2024-21051 Vulnerability (CVE-2024-21051)
WordPress Plugin Simple History Information Disclosure (1.0.7)