PatchSiren cyber security CVE debrief
CVE-2016-20081 Husain CVE debrief
CVE-2016-20081 is a path traversal vulnerability in WordPress Plugin HB Audio Gallery Lite 1.0.0. This vulnerability allows unauthenticated attackers to download arbitrary files by manipulating the file_path parameter in requests to the audio-download.php endpoint. Attackers can use directory traversal sequences to access sensitive files like wp-config.php outside the intended gallery directory.
- Vendor
- Husain
- Product
- HB Audio Gallery Lite
- CVSS
- HIGH 8.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of WordPress Plugin HB Audio Gallery Lite 1.0.0 should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability has a CVSS score of 8.7 and is considered HIGH severity. It can be exploited by sending requests to the audio-download.php endpoint with directory traversal sequences.
Defensive priority
HIGH
Recommended defensive actions
- Update to a patched version of the plugin if available.
- Restrict access to the audio-download.php endpoint.
- Monitor for suspicious activity related to the plugin.
Evidence notes
Evidence of this vulnerability can be found in the CVE record [cve-org] and the NVD detail [nvd].
Official resources
CVE-2016-20081 was published on 2026-06-15T14:16:31.647Z and has not been modified since.