CVE-2025-31070
Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LambertGroup HTML5 Radio Player - WPBakery Page Builder Addon lbg-cleverbakery allows Path Traversal. This issue affects HTML5 Radio Player - WPBakery Page Builder Addon: from n/a through <= 2.5.
Analysis
A path traversal vulnerability in the LambertGroup HTML5 Radio Player WPBakery Page Builder Addon (lbg-cleverbakery), versions 2.5 and earlier, allows unauthenticated attackers to download arbitrary files from the server by manipulating pathname parameters. The flaw is rooted in improper input validation of file path requests, which lets an attacker traverse the directory structure using relative path sequences. No active exploitation has been confirmed, and the low EPSS score (0.11th percentile) suggests limited real-world attack probability despite the moderate technical impact.
Technical Context
The vulnerability stems from CWE-22 (Improper Limitation of a Pathname to a Restricted Directory), a classic path traversal flaw where user-supplied input is not properly sanitized before being used in file system operations. The affected component is the lbg-cleverbakery WordPress plugin (a WPBakery Page Builder addon), which likely accepts file path parameters in HTTP requests without validating or canonicalizing paths to ensure they remain within an intended directory. Attackers can exploit this by injecting directory traversal sequences (such as '../' or encoded variants) to escape the plugin's restricted directory and access sensitive files elsewhere on the WordPress installation or server filesystem. The CPE for this plugin would be cpe:2.3:a:lambertgroup:html5_radio_player_-_wpbakery_page_builder_addon:*:*:*:*:*:wordpress:*:*.
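The missing control described above, as an added illustration that is not code from the plugin or from LambertGroup: a PHP helper that canonicalizes a requested file name with realpath() and refuses anything that resolves outside one fixed download directory. The function name lbg_safe_download_path, the file query parameter and the uploads/lbg-cleverbakery directory are assumptions made for this example; WP_CONTENT_DIR and wp_die() are standard WordPress symbols. lbg_self_check() builds a throwaway directory tree so the check can be exercised offline.

```php
<?php
// Added example, not the plugin's own code: confine a user-supplied file name
// to a fixed base directory before any filesystem read (CWE-22 mitigation).

function lbg_safe_download_path(string $baseDir, string $requested): ?string
{
    // Assumption: $baseDir exists and is the only place the plugin may serve from.
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // Reject NUL bytes up front; PHP 8 filesystem functions throw on them.
    if (strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() collapses '.' and '..' segments and resolves symlinks.
    // It returns false when the target does not exist, which also covers
    // double-encoded segments such as '%2e%2e' that arrive as literal names.
    $resolved = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($resolved === false) {
        return null;
    }
    // The resolved path must start with the base plus a separator, so that a
    // sibling such as '/srv/uploads-private' cannot match '/srv/uploads'.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($resolved, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return is_file($resolved) ? $resolved : null;
}

// Offline self-check with a constructed directory tree: one file inside the
// allowed directory and one file outside it.
function lbg_self_check(): bool
{
    $root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lbg_demo_' . bin2hex(random_bytes(4));
    mkdir($root . '/uploads', 0700, true);
    file_put_contents($root . '/uploads/track.mp3', 'inside');
    file_put_contents($root . '/outside.txt', 'outside');

    $allowed = $root . '/uploads';
    $ok = lbg_safe_download_path($allowed, 'track.mp3') !== null        // legitimate request
        && lbg_safe_download_path($allowed, '../outside.txt') === null   // plain traversal
        && lbg_safe_download_path($allowed, '%2e%2e/outside.txt') === null // double-encoded, no such dir
        && lbg_safe_download_path($allowed, "track.mp3\0.txt") === null  // NUL truncation attempt
        && lbg_safe_download_path($allowed, 'missing.mp3') === null;     // nonexistent file

    unlink($root . '/uploads/track.mp3');
    unlink($root . '/outside.txt');
    rmdir($root . '/uploads');
    rmdir($root);
    return $ok;
}

// Hypothetical request handler showing how the helper would be wired into a
// WordPress plugin (the 'file' parameter name is an assumption).
function lbg_handle_download_request(): void
{
    $requested = (string) ($_GET['file'] ?? '');
    $file = lbg_safe_download_path(WP_CONTENT_DIR . '/uploads/lbg-cleverbakery', $requested);
    if ($file === null) {
        wp_die('Invalid file request', 'Bad Request', ['response' => 400]);
    }
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . basename($file) . '"');
    readfile($file);
    exit;
}

// Run from the CLI: php this_file.php
if (PHP_SAPI === 'cli') {
    echo lbg_self_check() ? "self-check passed\n" : "self-check FAILED\n";
}
```

The prefix comparison after realpath() is what makes the check robust against encoded variants: PHP has already URL-decoded $_GET by the time the handler runs, so a single-encoded `%2e%2e%2f` arrives as `../` and is resolved away, while a double-encoded segment survives as a literal directory name that does not exist and realpath() returns false. If the plugin only ever serves files from one flat directory, the simpler option is to discard any directory component with basename() before joining, which removes the traversal surface entirely.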
Affected Products
LambertGroup HTML5 Radio Player WPBakery Page Builder Addon (WordPress plugin identifier: lbg-cleverbakery) version 2.5 and all earlier versions are affected. The plugin is distributed through the official WordPress plugin repository and third-party sources. Additional version information is not specified in available data; however, the vulnerability note indicates the issue affects the product from its inception through at least version 2.5.
Remediation
Update the HTML5 Radio Player WPBakery Page Builder Addon plugin immediately to a patched version beyond 2.5. Visit the WordPress plugin repository or the official LambertGroup website to download the latest version, or use the WordPress admin dashboard (Plugins > Updates) to apply the update automatically. If an immediate update is not possible, deactivate and remove the plugin until a patch is installed, as the vulnerability allows unauthenticated arbitrary file access. For detailed advisory information and confirmation of the patched version, refer to the Patchstack vulnerability database entry: https://patchstack.com/database/Wordpress/Plugin/lbg-cleverbakery/vulnerability/wordpress-html5-radio-player-wpbakery-page-builder-addon-plugin-2-5-arbitrary-file-download-vulnerability.