PT-2025-17356 · WordPress · Clever - Html5 Radio Player With History - Shoutcast/Icecast - Elementor Widget Addon
Khanhhnahk1 · Published 2025-04-19 · Updated 2025-04-20 · CVE-2025-3103
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon plugin for WordPress versions up to, and including, 2.4
Description
The plugin's 'history.php' file does not sufficiently validate file paths, which allows unauthenticated attackers to read arbitrary files on the affected site's server. Those files may contain sensitive information such as database credentials. The vulnerability was partially patched in version 2.4.
Recommendations
For versions up to, and including, 2.4, update to a version that fully patches the vulnerability, as version 2.4 only partially addresses the issue.
As a temporary workaround, consider restricting access to the 'history.php' file until a fully patched version is available.
Affected Products
Clever - Html5 Radio Player With History - Shoutcast/Icecast - Elementor Widget Addon