CVE-2025-3103
CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon <= 2.4 - Unauthenticated Arbitrary File Read
CVSS Score
7.5
EPSS Score
0.0%
EPSS Percentile
0th
The CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon plugin for WordPress is vulnerable to arbitrary file read due to insufficient file path validation in the 'history.php' file in all versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to read arbitrary files on the affected site's server, which may contain sensitive information including database credentials. The vulnerability was partially patched in version 2.4.
| CWE | CWE-73 |
| Vendor | lambertgroup |
| Product | clever - html5 radio player with history - shoutcast and icecast - elementor widget addon |
| Published | Apr 19, 2025 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for lambertgroup clever - html5 radio player with history - shoutcast and icecast - elementor widget addon
Be the first to know when new high vulnerabilities affecting lambertgroup clever - html5 radio player with history - shoutcast and icecast - elementor widget addon are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
LambertGroup / CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon
0 โค 2.4
References
Credits
Tran Nguyen Bao Khanh (from VCI - VNPT Cyber Immunity)