CVE-2024-1041 WP Radio – Worldwide Online Radio Stations Directory for WordPress <= 3.1.9 - Authenticated(Subscriber+) Stored Cross-Site Scripting via Settings

🗓️ 10 Apr 2024 04:30:18Reported by WordfenceType

Vulnerability in WP Radio WordPress plugin, allowing Stored Cross-Site Scripting

Reporter	Title	Published	Views	Family All 12
CNNVD	WordPress plugin WP Radio 安全漏洞	10 Apr 202400:00	–	cnnvd
CVE	CVE-2024-1041	10 Apr 202404:30	–	cve
EUVD	EUVD-2024-16817	3 Oct 202520:07	–	euvd
NVD	CVE-2024-1041	10 Apr 202405:15	–	nvd
OSV	CVE-2024-1041	10 Apr 202405:15	–	osv
Patchstack	WordPress WP Radio plugin <= 3.1.9 - Authenticated Stored Cross-Site Scripting vulnerability	11 Apr 202412:44	–	patchstack
Patchstack	WordPress WP Radio – Worldwide Online Radio Stations Directory for WordPress Plugin <= 3.1.9 is vulnerable to Cross Site Scripting (XSS)	11 Apr 202400:00	–	patchstack
RedhatCVE	CVE-2024-1041	23 May 202508:22	–	redhatcve
Vulnrichment	CVE-2024-1041 WP Radio – Worldwide Online Radio Stations Directory for WordPress <= 3.1.9 - Authenticated(Subscriber+) Stored Cross-Site Scripting via Settings	10 Apr 202404:30	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (April 8, 2024 to April 14, 2024)	18 Apr 202415:58	–	wordfence

[
  {
    "vendor": "princeahmed",
    "product": "WP Radio – Worldwide Online Radio Stations Directory for WordPress",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "3.1.9",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/486ffdc9-a3e7-4f4c-89b1-b668a5d41aa5
wordpress	www.wordpress.org/plugins/wp-radio/

08 Apr 2026 16:50Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.16.4

EPSS0.00379

CWE-862