CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/06/17 6:35 p.m.•9 views

EUVD-2025-210222

Subscriber Privilege Escalation in Sonaar = 4.27.4 versions...

8.8CVSS5.2AI score0.00378EPSS

NVD•added 2026/06/17 1:19 p.m.•7 views

CVE-2025-59563

Subscriber Privilege Escalation in Sonaar = 4.27.4 versions...

8.8CVSS0.00378EPSS

NVD•added 2026/06/17 1:19 p.m.•5 views

CVE-2025-59560

Unauthenticated Cross Site Scripting XSS in Sonaar = 4.27.4 versions...

7.1CVSS0.0023EPSS

Cvelist•added 2026/06/17 9:50 a.m.•27 views

CVE-2025-59563 WordPress Sonaar theme <= 4.27.4 - Privilege Escalation vulnerability

Subscriber Privilege Escalation in Sonaar = 4.27.4 versions...

8.8CVSS0.00378EPSS

CVE•added 2026/06/17 9:50 a.m.•11 views

CVE-2025-59563

CVE-2025-59563 is a Privilege Escalation vulnerability in the WordPress Sonaar theme, affecting versions up to 4.27.4. The issue is described as an Authenticated (Subscriber+) privilege escalation with CVSS v3.1 base score 8.8 (High). The vulnerability is exploitable with low privileges and no us...

8.8CVSS5.2AI score0.00378EPSS

CVE•added 2026/06/17 9:50 a.m.•7 views

CVE-2025-59560

CVE-2025-59560: Unauthenticated Cross-Site Scripting in WordPress Sonaar theme

7.1CVSS5.1AI score0.0023EPSS

Cvelist•added 2026/06/17 9:50 a.m.•26 views

CVE-2025-59560 WordPress Sonaar theme <= 4.27.4 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Sonaar = 4.27.4 versions...

7.1CVSS0.0023EPSS

NVD•added 2026/06/08 2:16 a.m.•11 views

CVE-2023-54351

WordPress Sonaar Music Plugin 4.7 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the comment functionality. Attackers can submit JavaScript payloads in the comment parameter to wp-comments-post.php which are stored an...

7.2CVSS0.00184EPSS

Cvelist•added 2026/06/08 1:55 a.m.•45 views

CVE-2023-54351 WordPress Sonaar Music Plugin 4.7 Stored XSS via Comments

7.2CVSS0.00184EPSS

Vulnrichment•added 2026/06/08 1:55 a.m.•8 views

CVE-2023-54351 WordPress Sonaar Music Plugin 4.7 Stored XSS via Comments

EUVD•added 2026/06/08 1:55 a.m.•9 views

EUVD-2023-60582

CVE•added 2026/06/08 1:55 a.m.•19 views

CVE-2023-54351

CVE-2023-54351 : WordPress Sonaar Music Plugin 4.7 has a stored XSS vulnerability in the comment functionality. Unauthenticated attackers can submit JavaScript payloads via the comment parameter to wp-comments-post.php, which are stored and later executed in the browsers of users viewing the affe...

ATTACKERKB•added 2026/06/08 1:55 a.m.•5 views

CVE-2023-54351

Exploits0References2Affected Software1

Positive Technologies•added 2026/06/08 12:0 a.m.•12 views

PT-2026-47233

Name of the Vulnerable Software and Affected Versions Sonaar Music Plugin version 4.7 Description A stored cross-site scripting issue exists in the comment functionality. Unauthenticated attackers can inject malicious scripts by submitting JavaScript payloads via the comment parameter to the...

CNNVD•added 2026/06/08 12:0 a.m.•7 views

Exploits0References9

WordPress plugin Sonaar Music 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.2CVSS5AI score0.00184EPSS

RedhatCVE•added 2026/04/14 1:22 a.m.•5 views

CVE-2026-39647

Server-Side Request Forgery SSRF vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Server Side Request Forgery.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through = 5.11...

5.4CVSS5.8AI score0.00168EPSS

EUVD•added 2026/04/08 9:31 a.m.•4 views

EUVD-2026-20309

5.9AI score0.00168EPSS

NVD•added 2026/04/08 9:16 a.m.•5 views

CVE-2026-39647

5.4CVSS0.00168EPSS