CVE-2015-4414
NUCLEISE Html5 Album Audio Player < 1.1.0 - Path Traversal
Title source: ruleDescription
Directory traversal vulnerability in download_audio.php in the SE HTML5 Album Audio Player (se-html5-album-audio-player) plugin 1.1.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Larry W. Cashdollar · textwebappsphp
https://www.exploit-db.com/exploits/37274
Nuclei Templates (1)
WordPress SE HTML5 Album Audio Player 1.1.0 - Directory Traversal
MEDIUMby daffainfo
References (5)
Scores
EPSS
0.0905
EPSS Percentile
92.7%
Details
CWE
CWE-22
Status
published
Products (1)
se_html5_album_audio_player_project/se_html5_album_audio_player
< 1.1.0
Published
Jun 17, 2015
Tracked Since
Feb 18, 2026