Search criteria
2 vulnerabilities found for CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon by LambertGroup
CVE-2025-3103 (GCVE-0-2025-3103)
Vulnerability from nvd – Published: 2025-04-19 04:21 – Updated: 2026-04-08 16:33
VLAI?
Title
CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon <= 2.4 - Unauthenticated Arbitrary File Read
Summary
The CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon plugin for WordPress is vulnerable to arbitrary file read due to insufficient file path validation in the 'history.php' file in all versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to read arbitrary files on the affected site's server, which may contain sensitive information including database credentials. The vulnerability was partially patched in version 2.4.
Severity ?
7.5 (High)
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LambertGroup | CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon |
Affected:
0 , ≤ 2.4
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3103",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-21T02:40:31.273645Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T02:40:44.904Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon",
"vendor": "LambertGroup",
"versions": [
{
"lessThanOrEqual": "2.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tran Nguyen Bao Khanh (from VCI - VNPT Cyber Immunity)"
}
],
"descriptions": [
{
"lang": "en",
"value": "The CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon plugin for WordPress is vulnerable to arbitrary file read due to insufficient file path validation in the \u0027history.php\u0027 file in all versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to read arbitrary files on the affected site\u0027s server, which may contain sensitive information including database credentials. The vulnerability was partially patched in version 2.4."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73 External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:33:56.469Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0733261f-a2e1-4bd1-a57d-fdaaa8c904db?source=cve"
},
{
"url": "https://codecanyon.net/item/clever-html5-radio-player-with-history-shoutcast-and-icecast-elementor-widget-addon/26708087#item-description__updates-release-log"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-18T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon \u003c= 2.4 - Unauthenticated Arbitrary File Read"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-3103",
"datePublished": "2025-04-19T04:21:14.601Z",
"dateReserved": "2025-04-01T19:54:20.663Z",
"dateUpdated": "2026-04-08T16:33:56.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-3103 (GCVE-0-2025-3103)
Vulnerability from cvelistv5 – Published: 2025-04-19 04:21 – Updated: 2026-04-08 16:33
VLAI?
Title
CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon <= 2.4 - Unauthenticated Arbitrary File Read
Summary
The CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon plugin for WordPress is vulnerable to arbitrary file read due to insufficient file path validation in the 'history.php' file in all versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to read arbitrary files on the affected site's server, which may contain sensitive information including database credentials. The vulnerability was partially patched in version 2.4.
Severity ?
7.5 (High)
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LambertGroup | CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon |
Affected:
0 , ≤ 2.4
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3103",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-21T02:40:31.273645Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T02:40:44.904Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon",
"vendor": "LambertGroup",
"versions": [
{
"lessThanOrEqual": "2.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tran Nguyen Bao Khanh (from VCI - VNPT Cyber Immunity)"
}
],
"descriptions": [
{
"lang": "en",
"value": "The CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon plugin for WordPress is vulnerable to arbitrary file read due to insufficient file path validation in the \u0027history.php\u0027 file in all versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to read arbitrary files on the affected site\u0027s server, which may contain sensitive information including database credentials. The vulnerability was partially patched in version 2.4."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73 External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:33:56.469Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0733261f-a2e1-4bd1-a57d-fdaaa8c904db?source=cve"
},
{
"url": "https://codecanyon.net/item/clever-html5-radio-player-with-history-shoutcast-and-icecast-elementor-widget-addon/26708087#item-description__updates-release-log"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-18T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon \u003c= 2.4 - Unauthenticated Arbitrary File Read"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-3103",
"datePublished": "2025-04-19T04:21:14.601Z",
"dateReserved": "2025-04-01T19:54:20.663Z",
"dateUpdated": "2026-04-08T16:33:56.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}