CVE Catalog

CVE-2016-20081

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.64%

46th percentile - higher than 46% of all known CVEs

Summary

The WordPress Plugin HB Audio Gallery Lite version 1.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the file_path parameter. Attackers can send requests to the audio-download.php endpoint with directory traversal sequences to access sensitive files like wp-config.php outside the intended gallery directory.

Risk Assessment

This vulnerability poses a serious security risk by allowing attackers to access sensitive data, potentially compromising the entire WordPress installation.

Recommendation

It is recommended to update the plugin to the latest version that fixes this vulnerability and to monitor server logs for potential attack attempts.

Original NVD description (English source)

WordPress Plugin HB Audio Gallery Lite 1.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the file_path parameter. Attackers can send requests to the audio-download.php endpoint with directory traversal sequences to access sensitive files like wp-config.php outside the intended gallery directory.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS