Lucene search
+L

656 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 7:44 a.m.11 views

CVE-2024-37445

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in bPlugins Html5 Audio Player allows Stored XSS.This issue affects Html5 Audio Player: from n/a through 2.2.23...

6.5CVSS6.8AI score0.00261EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:35 a.m.8 views

CVE-2024-13157

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Podcast RSS Feed in all versions up to, and including, 5.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...

6.4CVSS5.8AI score0.0041EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:56 a.m.12 views

CVE-2024-56266

Missing Authorization vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through = 5.8...

8.8CVSS7.2AI score0.00321EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:41 a.m.9 views

CVE-2024-52348

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AA Extensions AA Audio Player aa-audio-player allows DOM-Based XSS.This issue affects AA Audio Player: from n/a through = 1.0...

6.5CVSS7.2AI score0.00238EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:40 a.m.8 views

CVE-2024-10268

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sonaaraudioplayer shortcode in all versions up to, and including, 5.8 due to insufficient input sanitization and output escaping on user supplie...

6.4CVSS5.8AI score0.00333EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:16 a.m.10 views

CVE-2023-38516

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in WP OnlineSupport, Essential Plugin Audio Player with Playlist Ultimate plugin = 1.2.2 versions...

6.5CVSS5.6AI score0.0031EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:54 a.m.10 views

CVE-2023-0170

The Html5 Audio Player WordPress plugin before 2.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.9AI score0.00573EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:28 a.m.7 views

CVE-2023-27645

An issue found in POWERAMP audioplayer build 925 bundle play and build 954 allows a remote attacker to gain privileges via the reverb and EQ preset parameters...

9.8CVSS7.4AI score0.01455EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:56 a.m.6 views

CVE-2023-25989

Cross-Site Request Forgery CSRF vulnerability in Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks Easy Photo Feed Widget, Meks Simple Flickr Widget, Meks Easy Ads Widget, Meks Smart Social Widget plugins leading t...

8.8CVSS6.9AI score0.00378EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:16 a.m.8 views

CVE-2022-4542

The Compact WP Audio Player WordPress plugin before 1.9.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against hig...

5.4CVSS5.9AI score0.00471EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:4 p.m.8 views

CVE-2021-24734

The Compact WP Audio Player WordPress plugin before 1.9.7 does not escape some of its shortcodes attributes, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.9AI score0.00629EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:3 p.m.21 views

CVE-2021-24412

The Html5 Audio Player – Audio Player for WordPress plugin before 2.1.3 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious...

5.4CVSS6.3AI score0.00629EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:23 p.m.11 views

CVE-2021-24735

The Compact WP Audio Player WordPress plugin before 1.9.7 does not implement nonce checks, which could allow attackers to make a logged in admin change the "Disable Simultaneous Play" setting via a CSRF attack...

6.5CVSS6.7AI score0.00553EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:38 a.m.11 views

CVE-2016-0796

WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for your mp3 files is prone to multiple vulnerabilities, including open proxy and security bypass vulnerabilities because it fails to properly verify user-supplied input. An attacker may leverage these issues to hide attacks directed at a...

7.5CVSS7AI score0.01053EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:30 a.m.9 views

CVE-2015-2199

Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow 1 remote authenticated users to execute arbitrary SQL commands via the itemid parameter in a wonderpluginaudiosaveitem action to wp-admin/admin-ajax.php or remote administrators to execut...

6.5CVSS8.5AI score0.02582EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/18 4:3 p.m.14 views

CVE-2025-32287

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup Responsive HTML5 Audio Player PRO With Playlist lbg-audio2-html5 allows SQL Injection.This issue affects Responsive HTML5 Audio Player PRO With Playlist: from n/a through = 3.5.7...

8.5CVSS7.3AI score0.00267EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/18 4:2 p.m.10 views

CVE-2025-32307

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup Chameleon HTML5 Audio Player With/Without Playlist lbg-audio1-html5 allows SQL Injection.This issue affects Chameleon HTML5 Audio Player With/Without Playlist: from n/a through = 3.5.6...

8.5CVSS7.3AI score0.00267EPSS
Exploits0References1
NVD
NVD
added 2025/05/16 4:15 p.m.14 views

CVE-2025-32307

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup Chameleon HTML5 Audio Player With/Without Playlist lbg-audio1-html5 allows SQL Injection.This issue affects Chameleon HTML5 Audio Player With/Without Playlist: from n/a through = 3.5.6...

8.5CVSS0.00267EPSS
Exploits0References1
NVD
NVD
added 2025/05/16 4:15 p.m.10 views

CVE-2025-32287

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup Responsive HTML5 Audio Player PRO With Playlist lbg-audio2-html5 allows SQL Injection.This issue affects Responsive HTML5 Audio Player PRO With Playlist: from n/a through = 3.5.7...

8.5CVSS0.00267EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/16 3:45 p.m.7 views

CVE-2025-32287 WordPress Responsive HTML5 Audio Player PRO With Playlist <= 3.5.7 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup Responsive HTML5 Audio Player PRO With Playlist allows SQL Injection. This issue affects Responsive HTML5 Audio Player PRO With Playlist: from n/a through 3.5.7...

8.5CVSS7.6AI score0.00267EPSS
Exploits0References1
Rows per page
Query Builder