CVE-2026-8679 AudioIgniter Music Player <= 2.0.2 - Unauthenticated Insecure Direct Object Reference to 'audioigniter_playlist_id' Parameter
The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the handle_playlist_endpoint function hooked to template_redirect accepting a user-controlled playlist ID via the audioigniter_playlist_id query var or the...
PT-2024-30155 · Unknown · Kashipara Music Management System
Name of the Vulnerable Software and Affected Versions: Kashipara Music Management System version 1.0 Description: The issue allows an attacker to execute arbitrary SQL commands via the pid parameter in the "/music/manage playlist items.php" API endpoint. This enables the attacker to manipulate th...
PT-2024-23679 · Derbynet · Derbynet
Name of the Vulnerable Software and Affected Versions: DerbyNet versions 9.0 and below Description: The issue allows attackers to execute arbitrary code via the back parameter in "playlist.php". This is a Cross Site Scripting vulnerability. Recommendations: For DerbyNet versions 9.0 and below,...