CVE-2016-20081
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk46th percentile - higher than 46% of all known CVEs
Summary
The WordPress Plugin HB Audio Gallery Lite version 1.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the file_path parameter. Attackers can send requests to the audio-download.php endpoint with directory traversal sequences to access sensitive files like wp-config.php outside the intended gallery directory.
Risk Assessment
This vulnerability poses a serious security risk by allowing attackers to access sensitive data, potentially compromising the entire WordPress installation.
Recommendation
It is recommended to update the plugin to the latest version that fixes this vulnerability and to monitor server logs for potential attack attempts.
Original NVD description (English source)
WordPress Plugin HB Audio Gallery Lite 1.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the file_path parameter. Attackers can send requests to the audio-download.php endpoint with directory traversal sequences to access sensitive files like wp-config.php outside the intended gallery directory.

