CVE-2025-31070
📋 TL;DR
This path traversal vulnerability in the LambertGroup HTML5 Radio Player - WPBakery Page Builder Addon WordPress plugin allows attackers to download arbitrary files from the server by manipulating file paths. It affects all WordPress sites using this plugin version 2.5 or earlier. Attackers can potentially access sensitive configuration files, database credentials, or other restricted content.
💻 Affected Systems
- LambertGroup HTML5 Radio Player - WPBakery Page Builder Addon WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise through retrieval of sensitive files like wp-config.php containing database credentials, leading to complete site takeover and potential lateral movement within the hosting environment.
Likely Case
Unauthorized access to sensitive files including configuration files, logs, and potentially user data, leading to information disclosure and possible credential theft.
If Mitigated
Limited impact if proper file permissions are configured and sensitive files are stored outside web-accessible directories.
🎯 Exploit Status
Path traversal vulnerabilities are commonly exploited and require minimal technical skill. The Patchstack reference indicates active exploitation awareness.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.6 or later
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'HTML5 Radio Player - WPBakery Page Builder Addon'. 4. Click 'Update Now' if update available. 5. If no update available, deactivate and remove the plugin immediately.
🔧 Temporary Workarounds
Immediate Plugin Deactivation
allTemporarily disable the vulnerable plugin to prevent exploitation while planning permanent fix.
wp plugin deactivate html5-radio-player-wpbakery-page-builder-addon
Web Application Firewall Rule
linuxBlock path traversal patterns at the WAF or web server level.
# Apache: RewriteRule .*\.\./.* - [F]
# Nginx: location ~ \.\./ { deny all; }
🧯 If You Can't Patch
- Immediately deactivate and remove the vulnerable plugin from all WordPress installations.
- Implement strict file permission controls and move sensitive files outside web-accessible directories.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Installed Plugins for 'HTML5 Radio Player - WPBakery Page Builder Addon' version 2.5 or earlier.Check Version:
wp plugin get html5-radio-player-wpbakery-page-builder-addon --field=versionVerify Fix Applied:
Confirm plugin version is 2.6 or later, or verify plugin is completely removed from the plugins directory.📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns in web server logs, especially requests containing '../' sequences or attempts to access sensitive files like wp-config.php
Network Indicators:
- HTTP requests with path traversal sequences (../, ..\) targeting the plugin's endpoints
SIEM Query:
web_access_logs WHERE url CONTAINS '../' AND url CONTAINS 'html5-radio-player' OR url CONTAINS 'wp-content/plugins/lbg-cleverbakery'