CVE-2025-31070

High CVSS 7.5

Overview

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LambertGroup HTML5 Radio Player - WPBakery Page Builder Addon allows Path Traversal. This issue affects HTML5 Radio Player - WPBakery Page Builder Addon: from n/a through 2.5.

CWE: CWE-22 Published: 2025-07-16T12:15:25.720

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 7.5 (HIGH)
Detected tags: path (tag impact: MODERATE)

Recommended actions:

Canonicalize path; block `..` traversal; use allowlists.

Overview

Recommended tools

Tags