Description
WordPress Plugin SE HTML5 Album Audio Player is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin SE HTML5 Album Audio Player version 1.1.0 is vulnerable; prior versions may also be affected.
Remediation
Edit the source code to ensure that input is properly verified or disable the plugin until a fix is available
References
http://www.vapidlabs.com/advisory.php?v=124
Related Vulnerabilities
PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-0866)
AngularJS Improper Input Validation Vulnerability (CVE-2019-10768)
WordPress Plugin Advanced Forms for ACF Pro Security Bypass (1.6.8)
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-7853)