CVE-2024-10582 Music Player for Elementor – Audio Player & Podcast Player <= 2.4.1 - Missing Authorization to Authenticated (Subscriber+) Template Import

The Music Player for Elementor – Audio Player & Podcast Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the importmpfetemplate function in all versions up to, and including, 2.4.1. This makes it possible for authenticated...

PT-2024-16381 · WordPress · The Music Player For Elementor – Audio Player & Podcast Player

Name of the Vulnerable Software and Affected Versions: The Music Player for Elementor – Audio Player & Podcast Player plugin for WordPress versions up to, and including, 2.4.1 Description: The issue is related to unauthorized modification of data due to a missing capability check on the import mp...

CVE-2024-7856 MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar <= 5.7.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to unauthorized arbitrary file deletion due to a missing capability check on the removeTempFiles function and insufficient path validation on the 'file' parameter in all versions up to, and...

CVE-2024-7856

CVE-2024-7856 affects the WordPress plugin MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar. The root cause is twofold: (1) missing authorization checks in removeTempFiles() and (2) inadequate validation of the file parameter, enabling authenticated users (subscriber level and hi...

WordPress Music Player for Elementor – Audio Player & Podcast Player Plugin < 1.5.9.9 is vulnerable to Cross Site Scripting (XSS)

Software Music Player for Elementor – Audio Player & Podcast Player Type Plugin Vulnerable versions 1.5.9.9 Fixed in 1.5.9.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID...

WordPress Music Player for Elementor – Audio Player & Podcast Player plugin < 1.5.5 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Music Player for Elementor – Audio Player & Podcast Player plugin versions 1.5.5. Solution Update the WordPress Music Player for Elementor – Audio Player & Podcast Player plugin to the latest available version at least 1.5.5...

WordPress Music Player for Elementor – Audio Player & Podcast Player plugin < 1.5.5 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Music Player for Elementor – Audio Player & Podcast Player plugin versions 1.5.5. Solution Update the WordPress Music Player for Elementor – Audio Player & Podcast Player plugin to the latest available...