2 matches found
CVE-2014-9177
The CVE-2014-9177 entry concerns the WordPress plugin “HTML5 MP3 Player with Playlist Free” (before version 2.7). The vulnerability is a path-disclosure flaw where an attacker can obtain the WordPress installation path via a request to html5plus/playlist.php. Impact is limited to information disc...
CVE-2023-52207
CVE-2023-52207 affects the WordPress plugin HTML5 MP3 Player with Playlist Free (versions ≤ 3.0.0). Root cause: deserialization of untrusted data leading to a PHP Object Injection. Impact: authenticated attackers with author-level access could inject objects; Wordfence notes potential file deleti...