Skip to main content

LambertGroup HTML5 Radio Player CVE-2025-31070

HIGH
Path Traversal (CWE-22)
2025-07-16 audit@patchstack.com
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

4
Re-analysis Queued
Apr 23, 2026 - 15:42 vuln.today
cvss_changed
CVSS changed
Apr 23, 2026 - 15:42 NVD
7.5 (HIGH)
Analysis Generated
Apr 01, 2026 - 17:26 vuln.today
CVE Published
Jul 16, 2025 - 12:15 nvd
N/A

DescriptionCVE.org

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LambertGroup HTML5 Radio Player - WPBakery Page Builder Addon lbg-cleverbakery allows Path Traversal.This issue affects HTML5 Radio Player - WPBakery Page Builder Addon: from n/a through <= 2.5.

AnalysisAI

Path traversal vulnerability in LambertGroup HTML5 Radio Player WPBakery Page Builder Addon (lbg-cleverbakery) versions 2.5 and earlier allows unauthenticated attackers to download arbitrary files from the server by manipulating pathname parameters. The vulnerability is rooted in improper input validation of file path requests, enabling attackers to traverse directory structures using relative path sequences. No active exploitation has been confirmed, and the low EPSS score (0.11th percentile) suggests limited real-world attack probability despite the moderate technical impact.

Technical ContextAI

The vulnerability stems from CWE-22 (Improper Limitation of a Pathname to a Restricted Directory), a classic path traversal flaw where user-supplied input is not properly sanitized before being used in file system operations. The affected component is the lbg-cleverbakery WordPress plugin (a WPBakery Page Builder addon), which likely accepts file path parameters in HTTP requests without validating or canonicalizing paths to ensure they remain within an intended directory. Attackers can exploit this by injecting directory traversal sequences (such as '../' or encoded variants) to escape the plugin's restricted directory and access sensitive files elsewhere on the WordPress installation or server filesystem. The CPE for this plugin would be cpe:2.3:a:lambertgroup:html5_radio_player_-_wpbakery_page_builder_addon:*:*:*:*:*:wordpress:*:*.

Affected ProductsAI

LambertGroup HTML5 Radio Player WPBakery Page Builder Addon (WordPress plugin identifier: lbg-cleverbakery) version 2.5 and all earlier versions are affected. The plugin is distributed through the official WordPress plugin repository and third-party sources. Additional version information is not specified in available data; however, the vulnerability note indicates the issue affects the product from its inception through at least version 2.5.

RemediationAI

Update the HTML5 Radio Player WPBakery Page Builder Addon plugin immediately to a patched version beyond 2.5. Visit the WordPress plugin repository or the official LambertGroup website to download the latest version, or use the WordPress admin dashboard (Plugins > Updates) to apply the update automatically. If an immediate update is not possible, deactivate and remove the plugin until a patch is installed, as the vulnerability allows unauthenticated arbitrary file access. For detailed advisory information and confirmation of the patched version, refer to the Patchstack vulnerability database entry: https://patchstack.com/database/Wordpress/Plugin/lbg-cleverbakery/vulnerability/wordpress-html5-radio-player-wpbakery-page-builder-addon-plugin-2-5-arbitrary-file-download-vulnerability.

Share

CVE-2025-31070 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy