CVE-2015-4414
Published 2015-06-17
Priority: P3 | 45 | medium | 5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 18.96% (96.9th percentile)
Directory traversal vulnerability in download_audio.php in the SE HTML5 Album Audio Player (se-html5-album-audio-player) plugin 1.1.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
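An added example, not part of the advisory or the plugin's code: a web access-log check for the request pattern described above, a `..` path segment in the `file` parameter of download_audio.php, including percent-encoded and double-encoded forms. The install path, the combined log format, the sample lines and the helper names are assumptions made for the example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

SCRIPT = "download_audio.php"  # endpoint named in the CVE description
PLUGIN = "/wp-content/plugins/se-html5-album-audio-player/"  # assumed install path

# Constructed sample lines (combined log format); not real traffic.
SAMPLE_LOG = f"""\
203.0.113.7 - - [12/Jun/2015:10:01:02 +0000] "GET {PLUGIN}{SCRIPT}?file=/wp-content/uploads/albums/track01.mp3 HTTP/1.1" 200 51200 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Jun/2015:10:02:11 +0000] "GET {PLUGIN}{SCRIPT}?file=../../../private/notes.txt HTTP/1.1" 200 312 "-" "curl/7.40"
198.51.100.24 - - [12/Jun/2015:10:02:40 +0000] "GET {PLUGIN}{SCRIPT}?file=%252e%252e%252f%252e%252e%252fprivate%252fnotes.txt HTTP/1.1" 404 0 "-" "curl/7.40"
203.0.113.9 - - [12/Jun/2015:10:03:05 +0000] "GET {PLUGIN}{SCRIPT}?file=/wp-content/uploads/albums/intro..outro.mp3 HTTP/1.1" 200 40960 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def has_dotdot(value, max_rounds=3):
    """True if value contains a '..' path segment after repeated URL-decoding."""
    for _ in range(max_rounds):  # bounded, so nested encodings cannot loop forever
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    # Treat backslashes as separators too; compare whole segments so that
    # a file name such as "intro..outro.mp3" is not flagged.
    return ".." in value.replace("\\", "/").split("/")


def scan(lines):
    """Return (client_ip, status, file_value) for each suspicious request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/" + SCRIPT):
            continue
        # parse_qs already decodes once; has_dotdot handles further layers.
        for value in parse_qs(url.query, keep_blank_values=True).get("file", []):
            if has_dotdot(value):
                hits.append((m["ip"], int(m["status"]), value))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG.splitlines()):
        print(hit)
```

A hit with status 200 means the server returned content for the traversal request and is the one to triage first.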
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| se_html5_album_audio_player_project | se_html5_album_audio_player | <= 1.1.0 | — |
No detection rules found.
Exploit-DB
WordPress Plugin SE HTML5 Album Audio Player 1.1.0 - Directory Traversal
exploitdb·2015-06-12
---
Title: Path Traversal vulnerability in Wordpress plugin se-html5-album-audio-player v1.1.0
Author: Larry W. Cashdollar, @_larry0
Date: 2015-06-06
Advisory: http://www.vapid.dhs.org/advisory.php?v=124
Download Site: https://wordpress.org/plugins/se-html5-album-audio-player/
Vendor: https://profiles.wordpress.org/sedevelops/
Vendor Notified: 2015-06-06
Vendor Contact: https://profiles.wordpress.org/sedevelops/
Description:
An HTML5 Album Audio Player. A plugin to archive, present, and play collections of mp3s (or other html5 audio formats) as albums within your post.
Vulnerability:
The se-html5-album-audio-player v1.1.0 plugin for WordPress has a remote file download vulnerability. The download_audio.php file doe
Nuclei
WordPress SE HTML5 Album Audio Player 1.1.0 - Directory Traversal
nuclei·CVSS 5.0
WordPress SE HTML5 Album Audio Player 1.1.0 contains a directory traversal vulnerability in download_audio.php that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
Template:
id: CVE-2015-4414
info:
  name: WordPress SE HTML5 Album Audio Player 1.1.0 - Directory Traversal
  author: daffainfo
  severity: medium
  description: WordPress SE HTML5 Album Audio Player 1.1.0 contains a directory traversal vulnerability in download_audio.php that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
  impact: |
    An attacker can exploit this vulnerability to access sensitive files on the server, potentially leading to unauthorized disclosure of sensitive informatio
Greynoiseio
NoiseLetter September 2025
blogs_greynoiseio
arXiv
Predicting Exploitation of Disclosed Software Vulnerabilities Using Open-source Data
arxiv_fulltext·2017-07-25
IWSPA'17, March 24, 2017, Scottsdale, AZ, USA
978-1-4503-4909-3/17/03 $15.00
http://dx.doi.org/10.1145/3041008.3041009
This work is sponsored by the Intelligence Advanced Research Projects Activity (IARPA) in the Office of the Director of National Intelligence (ODNI) under Air Force Contract FA8702-15-D-0001. The United States Government is authorized to reproduce and distribute reprints for governmental purposes notwithstanding any copyright annotation hereon. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of IARPA or the United States Government
http://packetstormsecurity.com/files/132266/WordPress-SE-HTML5-Album-Audio-Player-1.1.0-Directory-Traversal.html
http://www.securityfocus.com/bid/75093
http://www.vapid.dhs.org/advisory.php?v=124
https://wpvulndb.com/vulnerabilities/8032
https://www.exploit-db.com/exploits/37274/