CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/04/08 8:30 a.m.•3 views

CVE-2026-39647 WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin <= 5.11 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Server Side Request Forgery.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through = 5.11...

5.8AI score0.00168EPSS

Cvelist•added 2026/04/08 8:30 a.m.•24 views

CVE-2026-39647 WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin <= 5.11 - Server Side Request Forgery (SSRF) vulnerability

5.4CVSS0.00168EPSS

CVE•added 2026/04/08 8:30 a.m.•15 views

CVE-2026-39647

CVE-2026-39647 describes a Server-Side Request Forgery (SSRF) in the WordPress plugin “MP3 Audio Player for Music, Radio & Podcast by Sonaar”, affected through version 5.11. The connected records confirm the issue is SSRF and affect the plugin with versions up to 5.11. No remediation details are ...

5.4CVSS5.9AI score0.00168EPSS

CNNVD•added 2026/04/08 12:0 a.m.•6 views

WordPress plugin MP3 Audio Player for Music, Radio & Podcast by Sonaar 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

5.4CVSS5.9AI score0.00168EPSS

RedhatCVE•added 2026/02/20 1:25 p.m.•7 views

CVE-2026-1219

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 4.0 to 5.10 via the 'loadtracknoteajax' due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers...

5.3CVSS5.6AI score0.00245EPSS

NVD•added 2026/02/19 10:16 a.m.•9 views

CVE-2026-1219

5.3CVSS0.00245EPSS

CVE•added 2026/02/19 9:26 a.m.•21 views

CVE-2026-1219

CVE-2026-1219 affects the WordPress plugin MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar. Versions 4.0–5.10 are exposed to an Insecure Direct Object Reference via load_track_note_ajax due to missing validation on a user-controlled key, allowing unauthenticated access to privat...

5.3CVSS5.5AI score0.00245EPSS

Vulnrichment•added 2026/02/19 9:26 a.m.•4 views

CVE-2026-1219 MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar 4.0 - 5.10 - Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure

5.3CVSS5.6AI score0.00245EPSS

Cvelist•added 2026/02/19 9:26 a.m.•28 views

CVE-2026-1219 MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar 4.0 - 5.10 - Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure

5.3CVSS0.00245EPSS

ATTACKERKB•added 2026/02/19 9:26 a.m.•7 views

CVE-2026-1219

5.3CVSS5.5AI score0.00245EPSS

Exploits0References5Affected Software1

CNNVD•added 2026/02/19 12:0 a.m.•9 views

WordPress plugin MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

5.3CVSS5.8AI score0.00245EPSS

RedhatCVE•added 2026/02/15 1:28 p.m.•7 views

CVE-2026-1249

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Server-Side Request Forgery in versions 5.3 to 5.10 via the 'loadlyricsajaxcallback' function. This makes it possible for authenticated attackers, with author level access and above, to mak...

5CVSS5.7AI score0.00183EPSS

NVD•added 2026/02/14 9:16 a.m.•6 views

CVE-2026-1249

5CVSS0.00183EPSS

ATTACKERKB•added 2026/02/14 8:26 a.m.•5 views

CVE-2026-1249

5CVSS5.7AI score0.00183EPSS

Exploits0References3Affected Software1

Cvelist•added 2026/02/14 8:26 a.m.•25 views

CVE-2026-1249 MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar 5.3 - 5.10 - Authenticated (Author+) Server-Side Request Forgery

5CVSS0.00183EPSS

CVE•added 2026/02/14 8:26 a.m.•26 views

CVE-2026-1249

The CVE-2026-1249 entry concerns the WordPress plugin MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar. Affected versions 5.3–5.10 are vulnerable to Server-Side Request Forgery via load_lyrics_ajax_callback. Exploitation requires at least author-level authentication, enabling an ...

5CVSS5.7AI score0.00183EPSS

CNNVD•added 2026/02/14 12:0 a.m.•10 views

WordPress plugin MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar 代码问题漏洞

5CVSS5.9AI score0.00183EPSS

RedhatCVE•added 2025/05/23 8:30 a.m.•6 views

CVE-2024-5664

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute within the plugin's sonaaraudioplayer shortcode in all versions up to, and including, 5.5 due to insufficient input sanitization and outpu...

6.4CVSS5.8AI score0.00329EPSS

Cvelist•added 2025/04/04 3:59 p.m.•16 views

CVE-2025-32235 WordPress MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin <= 5.9.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through = 5.9.4...

4.3CVSS0.00346EPSS