All in One Music Player

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Description

The All in One Music Player plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.1 via the 'theme' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of files on the server, which can contain sensitive information.

Basic Information

ID CVE-2025-8559

Source Wordfence

Published Sep 30, 2025 at 03:35

Affected Product

Vendor sanzeeb3

Product All in One Music Player

Version *

Affected Versions sanzeeb3 All in One Music Player *

CWE Classification

CWE-22

References

{
    "lastseen": "",
    "description": "The All in One Music Player plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.1 via the 'theme' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of files on the server, which can contain sensitive information.",
    "published": "2025-09-30T03:35:29.725Z",
    "modified": "2025-09-30T03:35:29.725Z",
    "type": "cve",
    "title": "All in One Music Player <= 1.3.1 - Authenticated (Contributor+) Path Traversal via theme Parameter",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a35aa722-041f-4126-b742-bcf5219424ed?source=cve\nhttps://plugins.svn.wordpress.org/all-in-one-music-player/tags/1.3.1/src/Plugin.php\nhttps://wordpress.org/plugins/all-in-one-music-player/#developers",
    "id": "CVE-2025-8559",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "sanzeeb3 All in One Music Player *",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "All in One Music Player",
    "version": "*",
    "vendor": "sanzeeb3",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

All in One Music Player <= 1.3.1 - Authenticated (Contributor+) Path Traversal via theme Parameter_CVE-2025-8559