3 matches found
Exploit for Missing Authorization in Sonaar Mp3_Audio_Player_For_Music\,_Radio_\&_Podcast
CVE-2024-7856 ★ CVE-2024-7856 Arbitrary File deletion PoC ★...
CVE-2024-7856
CVE-2024-7856 affects the WordPress plugin MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar. The root cause is twofold: (1) missing authorization checks in removeTempFiles() and (2) inadequate validation of the file parameter, enabling authenticated users (subscriber level and hi...
WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar Plugin <= 5.7.0.1 is vulnerable to Arbitrary File Deletion
Software MP3 Audio Player for Music, Radio & Podcast by Sonaar Type Plugin Vulnerable versions = 5.7.0.1 Fixed in 5.7.1 OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2024-7856 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID...