5 matches found
CVE-2025-59563 WordPress Sonaar theme <= 4.27.4 - Privilege Escalation vulnerability
Subscriber Privilege Escalation in Sonaar = 4.27.4 versions...
CVE-2025-59560 WordPress Sonaar theme <= 4.27.4 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Sonaar = 4.27.4 versions...
CVE-2023-54351 WordPress Sonaar Music Plugin 4.7 Stored XSS via Comments
WordPress Sonaar Music Plugin 4.7 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the comment functionality. Attackers can submit JavaScript payloads in the comment parameter to wp-comments-post.php which are stored an...
CVE-2023-54351
CVE-2023-54351 : WordPress Sonaar Music Plugin 4.7 has a stored XSS vulnerability in the comment functionality. Unauthenticated attackers can submit JavaScript payloads via the comment parameter to wp-comments-post.php, which are stored and later executed in the browsers of users viewing the affe...
WordPress Sonaar theme <= 4.27.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Sonaar versions = 4.27.4...