29 matches found
CVE-2023-54351
WordPress Sonaar Music Plugin 4.7 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the comment functionality. Attackers can submit JavaScript payloads in the comment parameter to wp-comments-post.php which are stored an...
CVE-2023-54351 WordPress Sonaar Music Plugin 4.7 Stored XSS via Comments
WordPress Sonaar Music Plugin 4.7 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the comment functionality. Attackers can submit JavaScript payloads in the comment parameter to wp-comments-post.php which are stored an...
CVE-2023-54351
WordPress Sonaar Music Plugin 4.7 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the comment functionality. Attackers can submit JavaScript payloads in the comment parameter to wp-comments-post.php which are stored an...
EUVD-2023-60582
WordPress Sonaar Music Plugin 4.7 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the comment functionality. Attackers can submit JavaScript payloads in the comment parameter to wp-comments-post.php which are stored an...
CVE-2023-54351 WordPress Sonaar Music Plugin 4.7 Stored XSS via Comments
WordPress Sonaar Music Plugin 4.7 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the comment functionality. Attackers can submit JavaScript payloads in the comment parameter to wp-comments-post.php which are stored an...
WordPress plugin Sonaar Music 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
PT-2026-47233
Name of the Vulnerable Software and Affected Versions Sonaar Music Plugin version 4.7 Description A stored cross-site scripting issue exists in the comment functionality. Unauthenticated attackers can inject malicious scripts by submitting JavaScript payloads via the comment parameter to the...
CVE-2018-25335
WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. Attackers can upload files with arbitrary extensions by manipulating the 'name' parameter to...
CVE-2018-25335 WordPress Plugin Peugeot Music 1.0 Arbitrary File Upload
WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. Attackers can upload files with arbitrary extensions by manipulating the 'name' parameter to...
EUVD-2025-6443
Malicious code in bioql PyPI...
EUVD-2024-50675
Malicious code in bioql PyPI...
CVE-2025-8559
The All in One Music Player plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.1 via the 'theme' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of files on the server, which c...
WordPress Netease Music plugin <= 3.2.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Netease Music versions = 3.2.1...
CVE-2025-2103
The SoundRise Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on theironMusicajax function in all versions up to, and including, 1.6.11. This makes it possible for authenticated attackers, with...
CVE-2025-2103
CVE-2025-2103 – SoundRise Music (WordPress) Vulnerability exists in SoundRise Music plugin for WordPress (all versions <= 1.6.11). A missing capability check in onMusic_ajax() allows authenticated users with subscriber-level access and above to modify arbitrary options, enabling privilege esca...
WordPress plugin SoundRise Music 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-12202
The Croma Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'ironMusicajax' function in all versions up to, and including, 3.6. This makes it possible for authenticated attackers, with...
WordPress Croma Music plugin <= 3.6 - Authenticated (Subscriber+) Arbitrary Options Update in ironMusic_ajax vulnerability
Authenticated Subscriber+ Arbitrary Options Update in ironMusicajax vulnerability discovered by Tonn in WordPress Plugin Croma Music versions = 3.6...
CVE-2024-12202
The Croma Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'ironMusicajax' function in all versions up to, and including, 3.6. This makes it possible for authenticated attackers, with...
CVE-2024-12202
CVE-2024-12202 affects the Croma Music plugin for WordPress (