Description
WordPress Plugin HTML5 MP3 Player with Playlist Free is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. WordPress Plugin HTML5 MP3 Player with Playlist Free version 2.6 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.7 or latest
References
http://h4x0resec.blogspot.ro/2014/11/wordpress-html5-mp3-player-with.html
http://packetstormsecurity.com/files/129286/WordPress-Html5-Mp3-Player-Full-Path-Disclosure.html
Related Vulnerabilities
WordPress Plugin NextGEN Gallery-WordPress Gallery Multiple Vulnerabilities (2.0.77)
WordPress Plugin Elementor Pro Security Bypass (3.11.6)
WordPress Plugin MAC PHOTO GALLERY Arbitrary File Download (3.0)
WordPress Plugin Podcast Channels Cross-Site Scripting (0.20)
WordPress Plugin SocialFit 'msg' Parameter Cross-Site Scripting (1.2.2)