CVE-2026-39647 WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin <= 5.11 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Server Side Request Forgery.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through = 5.11...

EUVD-2025-31686

Malicious code in bioql PyPI...

CVE-2025-8559 All in One Music Player <= 1.3.1 - Authenticated (Contributor+) Path Traversal via theme Parameter

The All in One Music Player plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.1 via the 'theme' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of files on the server, which c...

PT-2025-39939

Name of the Vulnerable Software and Affected Versions All in One Music Player plugin for WordPress versions prior to 1.3.2 Description The All in One Music Player plugin for WordPress is susceptible to a Path Traversal issue through the theme parameter. This allows authenticated attackers with...

CVE-2025-5340

CVE-2025-5340 : The Music Player for Elementor plugin for WordPress is affected by a stored cross-site scripting (XSS) vulnerability via the album_buy_url parameter in all versions up to and including 2.4.6. Exploitation requires authenticated access at Contributor level or higher , enabling an a...

CVE-2022-29411

SQL Injection SQLi vulnerability in Mufeng's Hermit 音乐播放器 plugin = 3.1.6 on WordPress allows attackers to execute SQLi attack via &id...

PT-2022-19587 · Mufeng · Mufeng'S Hermit 音乐播放器 Plugin

Name of the Vulnerable Software and Affected Versions: Mufeng's Hermit 音乐播放器 plugin versions = 3.1.6 Description: The issue is related to Cross-Site Request Forgery CSRF that leads to Stored Cross-Site Scripting XSS via the title parameter. This allows for malicious script storage and execution...