40 matches found
CVE-2016-20081
WordPress Plugin HB Audio Gallery Lite 1.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the filepath parameter. Attackers can send requests to the audio-download.php endpoint with directory traversal sequences to acces...
CVE-2016-20081
HB Audio Gallery Lite 1.0.0 (WordPress) has a path traversal in audio-download.php via the file_path parameter that allows unauthenticated access to arbitrary files outside the gallery directory (e.g., wp-config.php). Root cause: inadequate validation of the file_path input. The connected documen...
CVE-2016-20081 WordPress Plugin HB Audio Gallery Lite 1.0.0 Path Traversal File Download
WordPress Plugin HB Audio Gallery Lite 1.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the filepath parameter. Attackers can send requests to the audio-download.php endpoint with directory traversal sequences to acces...
CVE-2016-20081 WordPress Plugin HB Audio Gallery Lite 1.0.0 Path Traversal File Download
WordPress Plugin HB Audio Gallery Lite 1.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the filepath parameter. Attackers can send requests to the audio-download.php endpoint with directory traversal sequences to acces...
EUVD-2016-10893
WordPress Plugin HB Audio Gallery Lite 1.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the filepath parameter. Attackers can send requests to the audio-download.php endpoint with directory traversal sequences to acces...
CVE-2025-13603
The WP AUDIO GALLERY plugin for WordPress is vulnerable to Unauthorized Arbitrary File Read in all versions up to, and including, 2.0. This is due to insufficient capability checks and lack of nonce verification on the "wpaghtaccesscallback" function This makes it possible for authenticated...
WordPress WP AUDIO GALLERY plugin <= 2.0 - Authenticated (Subscriber+) Arbitrary File Read via .htaccess Manipulation vulnerability
Authenticated Subscriber+ Arbitrary File Read via .htaccess Manipulation vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP AUDIO GALLERY versions = 2.0...
CVE-2025-13603
The WP AUDIO GALLERY plugin for WordPress is vulnerable to Unauthorized Arbitrary File Read in all versions up to, and including, 2.0. This is due to insufficient capability checks and lack of nonce verification on the "wpaghtaccesscallback" function This makes it possible for authenticated...
CVE-2025-13603 WP AUDIO GALLERY <= 2.0 - Authenticated (Subscriber+) Arbitrary File Read via .htaccess Manipulation
The WP AUDIO GALLERY plugin for WordPress is vulnerable to Unauthorized Arbitrary File Read in all versions up to, and including, 2.0. This is due to insufficient capability checks and lack of nonce verification on the "wpaghtaccesscallback" function This makes it possible for authenticated...
CVE-2025-13603
The CVE concerns WP Audio Gallery for WordPress (
CVE-2025-13603 WP AUDIO GALLERY <= 2.0 - Authenticated (Subscriber+) Arbitrary File Read via .htaccess Manipulation
The WP AUDIO GALLERY plugin for WordPress is vulnerable to Unauthorized Arbitrary File Read in all versions up to, and including, 2.0. This is due to insufficient capability checks and lack of nonce verification on the "wpaghtaccesscallback" function This makes it possible for authenticated...
WordPress plugin WP AUDIO GALLERY 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-20602
The WP AUDIO GALLERY plugin for WordPress is vulnerable to Unauthorized Arbitrary File Read in all versions up to, and including, 2.0. This is due to insufficient capability checks and lack of nonce verification on the "wpag htaccess callback" function This makes it possible for authenticated...
WordPress WP AUDIO GALLERY plugin <= 2.0 - Authenticated (Subscriber+) Arbitrary File Deletion via 'audio_upload' Parameter vulnerability
Authenticated Subscriber+ Arbitrary File Deletion via 'audioupload' Parameter vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP AUDIO GALLERY versions = 2.0...
CVE-2025-13322
The WP AUDIO GALLERY plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in all versions up to, and including, 2.0. This is due to the wpaguploadaudiocallback AJAX handler not properly validating user-supplied file paths in the audioupload...
CVE-2025-13322
The WP AUDIO GALLERY plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in all versions up to, and including, 2.0. This is due to the wpaguploadaudiocallback AJAX handler not properly validating user-supplied file paths in the audioupload...
EUVD-2025-198389
The WP AUDIO GALLERY plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in all versions up to, and including, 2.0. This is due to the wpaguploadaudiocallback AJAX handler not properly validating user-supplied file paths in the audioupload...
CVE-2025-13322 WP AUDIO GALLERY <= 2.0 - Authenticated (Subscriber+) Arbitrary File Deletion via 'audio_upload' Parameter
The WP AUDIO GALLERY plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in all versions up to, and including, 2.0. This is due to the wpaguploadaudiocallback AJAX handler not properly validating user-supplied file paths in the audioupload...
CVE-2025-13322
CVE-2025-13322 : WordPress plugin WP AUDIO GALLERY (
WordPress plugin WP AUDIO GALLERY 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...