SE HTML5 Album Audio Player <= 1.1.0 - Local File IncludeSign up to our free email alerts service for instant vulnerability notifications!
The se-html5-album-audio-player v1.1.0 plugin for wordpress has a local file include vulnerability. The download_audio.php file does not check to see if the user is authenticated, it only attempts to check if the path is in /wp-content/uploads which is easily defeated with ../.
|Proof of Concept||
|OWASP Top 10||A1: Injection|
|Publicly Published||2015-06-06 (about 2 years ago)|
|Added||2015-06-08 (about 2 years ago)|
|Last Updated||2015-09-20 (almost 2 years ago)|
Copyright & License
|Copyright||All data and resources contained within this page and this web site is Copyright © The WPScan Team.|
|License||Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.|