LambertGroup HTML5 Radio Player CVE-2025-31070
HIGHSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LambertGroup HTML5 Radio Player - WPBakery Page Builder Addon lbg-cleverbakery allows Path Traversal.This issue affects HTML5 Radio Player - WPBakery Page Builder Addon: from n/a through <= 2.5.
AnalysisAI
Path traversal vulnerability in LambertGroup HTML5 Radio Player WPBakery Page Builder Addon (lbg-cleverbakery) versions 2.5 and earlier allows unauthenticated attackers to download arbitrary files from the server by manipulating pathname parameters. The vulnerability is rooted in improper input validation of file path requests, enabling attackers to traverse directory structures using relative path sequences. No active exploitation has been confirmed, and the low EPSS score (0.11th percentile) suggests limited real-world attack probability despite the moderate technical impact.
Technical ContextAI
The vulnerability stems from CWE-22 (Improper Limitation of a Pathname to a Restricted Directory), a classic path traversal flaw where user-supplied input is not properly sanitized before being used in file system operations. The affected component is the lbg-cleverbakery WordPress plugin (a WPBakery Page Builder addon), which likely accepts file path parameters in HTTP requests without validating or canonicalizing paths to ensure they remain within an intended directory. Attackers can exploit this by injecting directory traversal sequences (such as '../' or encoded variants) to escape the plugin's restricted directory and access sensitive files elsewhere on the WordPress installation or server filesystem. The CPE for this plugin would be cpe:2.3:a:lambertgroup:html5_radio_player_-_wpbakery_page_builder_addon:*:*:*:*:*:wordpress:*:*.
Affected ProductsAI
LambertGroup HTML5 Radio Player WPBakery Page Builder Addon (WordPress plugin identifier: lbg-cleverbakery) version 2.5 and all earlier versions are affected. The plugin is distributed through the official WordPress plugin repository and third-party sources. Additional version information is not specified in available data; however, the vulnerability note indicates the issue affects the product from its inception through at least version 2.5.
RemediationAI
Update the HTML5 Radio Player WPBakery Page Builder Addon plugin immediately to a patched version beyond 2.5. Visit the WordPress plugin repository or the official LambertGroup website to download the latest version, or use the WordPress admin dashboard (Plugins > Updates) to apply the update automatically. If an immediate update is not possible, deactivate and remove the plugin until a patch is installed, as the vulnerability allows unauthenticated arbitrary file access. For detailed advisory information and confirmation of the patched version, refer to the Patchstack vulnerability database entry: https://patchstack.com/database/Wordpress/Plugin/lbg-cleverbakery/vulnerability/wordpress-html5-radio-player-wpbakery-page-builder-addon-plugin-2-5-arbitrary-file-download-vulnerability.
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today