5 matches found
CVE-2026-1249
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Server-Side Request Forgery in versions 5.3 to 5.10 via the 'loadlyricsajaxcallback' function. This makes it possible for authenticated attackers, with author level access and above, to mak...
CVE-2026-1249 MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar 5.3 - 5.10 - Authenticated (Author+) Server-Side Request Forgery
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Server-Side Request Forgery in versions 5.3 to 5.10 via the 'loadlyricsajaxcallback' function. This makes it possible for authenticated attackers, with author level access and above, to mak...
CVE-2026-1249
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Server-Side Request Forgery in versions 5.3 to 5.10 via the 'loadlyricsajaxcallback' function. This makes it possible for authenticated attackers, with author level access and above, to mak...
CVE-2026-1249
The CVE-2026-1249 entry concerns the WordPress plugin MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar. Affected versions 5.3–5.10 are vulnerable to Server-Side Request Forgery via load_lyrics_ajax_callback. Exploitation requires at least author-level authentication, enabling an ...
PT-2026-8097
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Server-Side Request Forgery in versions 5.3 to 5.10 via the 'load lyrics ajax callback' function. This makes it possible for authenticated attackers, with author level access and above, to...