CLEVER WordPress Plugin Elementor Widget Addon Unauthenticated Arbitrary File Read Vulnerability
Vulnerability
A vulnerability allowing arbitrary file read has been identified in the CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon plugin for WordPress, affecting all versions through 2.4. The issue arises from inadequate file path validation in 'history.php', enabling unauthenticated attackers to read arbitrary files on the server, potentially exposing sensitive information such as database credentials. Although version 2.4 partially addressed this vulnerability, it remains a concern in earlier versions.
Impact
Exploitation of this vulnerability could lead to unauthorized access to sensitive files on the server, including database credentials, which could be used for further attacks or to compromise the website.
Remediation
Users are advised to update the CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon plugin to version 2.5 or a newer patched version.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.