Lucene search
+L

149 matches found

Vulnrichment
Vulnrichment
added 2024/12/09 11:30 a.m.11 views

CVE-2023-47822 WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin <= 4.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 4.10...

5.4CVSS6.9AI score0.0042EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/12/09 12:0 a.m.4 views

PT-2024-13503 · Sonaar · Sonaar Music Mp3 Audio Player

Name of the Vulnerable Software and Affected Versions: Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar versions n/a through 4.10 Description: The issue affects the Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar due to a Missing Authorization vulnerability...

8.8CVSS9.5AI score0.0042EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/12/09 12:0 a.m.7 views

WordPress plugin MP3 Audio Player for Music, Radio & Podcast by Sonaar 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

8.8CVSS8.5AI score0.0042EPSS
Exploits0References1
NVD
NVD
added 2024/11/19 8:15 a.m.12 views

CVE-2024-10268

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sonaaraudioplayer shortcode in all versions up to, and including, 5.8 due to insufficient input sanitization and output escaping on user supplie...

6.4CVSS0.00333EPSS
Exploits0References3
OSV
OSV
added 2024/11/19 8:15 a.m.4 views

CVE-2024-10268

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sonaaraudioplayer shortcode in all versions up to, and including, 5.8 due to insufficient input sanitization and output escaping on user supplie...

5.4CVSS7.4AI score0.00333EPSS
Exploits0References3
CVE
CVE
added 2024/11/19 7:35 a.m.56 views

CVE-2024-10268

CVE-2024-10268 – MP3 Audio Player by Sonaar (WordPress) Vulnerability type: Stored Cross-Site Scripting (XSS) via the shortcode sonaar_audioplayer. Root cause: insufficient input sanitization and output escaping on user-supplied shortcode attributes. Affected software: WordPress plugin MP3 Audio ...

6.4CVSS5.7AI score0.00333EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/11/19 7:35 a.m.14 views

CVE-2024-10268 MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar <= 5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via sonaar_audioplayer Shortcode

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sonaaraudioplayer shortcode in all versions up to, and including, 5.8 due to insufficient input sanitization and output escaping on user supplie...

6.4CVSS5.8AI score0.00333EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/11/19 7:35 a.m.20 views

CVE-2024-10268 MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar <= 5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via sonaar_audioplayer Shortcode

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sonaaraudioplayer shortcode in all versions up to, and including, 5.8 due to insufficient input sanitization and output escaping on user supplie...

6.4CVSS0.00333EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/11/19 12:0 a.m.6 views

PT-2024-16147 · Sonaar · Mp3 Audio Player – Music Player

Name of the Vulnerable Software and Affected Versions: The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress versions up to, and including, 5.8 Description: The issue is related to Stored Cross-Site Scripting via the plugin's sonaar audioplayer shortcode due t...

6.4CVSS7.9AI score0.00333EPSS
Exploits0References9
Patchstack
Patchstack
added 2024/11/18 9:28 p.m.6 views

WordPress MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin <= 5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via sonaar_audioplayer Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via sonaaraudioplayer Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin MP3 Audio Player for Music, Radio & Podcast by Sonaar versions = 5.8...

6.4CVSS5.8AI score0.00333EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/11/18 12:0 a.m.10 views

WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar Plugin <= 5.8 is vulnerable to Cross Site Scripting (XSS)

Software MP3 Audio Player for Music, Radio & Podcast by Sonaar Type Plugin Vulnerable versions = 5.8 Fixed in 5.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10268 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d11f205f19...

6.4CVSS5.8AI score0.00333EPSS
Exploits0References3Affected Software1
GithubExploit
GithubExploit
added 2024/09/09 8:34 a.m.645 views

Exploit for Missing Authorization in Sonaar Mp3_Audio_Player_For_Music\,_Radio_\&_Podcast

CVE-2024-7856 ★ CVE-2024-7856 Arbitrary File deletion PoC ★...

9.1CVSS9.5AI score0.19326EPSS
Exploits1
NVD
NVD
added 2024/08/29 11:15 a.m.33 views

CVE-2024-7856

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to unauthorized arbitrary file deletion due to a missing capability check on the removeTempFiles function and insufficient path validation on the 'file' parameter in all versions up to, and...

8.1CVSS0.19326EPSS
Exploits1References4
OSV
OSV
added 2024/08/29 11:15 a.m.6 views

CVE-2024-7856

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to unauthorized arbitrary file deletion due to a missing capability check on the removeTempFiles function and insufficient path validation on the 'file' parameter in all versions up to, and...

8.1CVSS6.5AI score0.19326EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/08/29 3:52 a.m.13 views

CVE-2024-7856 MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar <= 5.7.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to unauthorized arbitrary file deletion due to a missing capability check on the removeTempFiles function and insufficient path validation on the 'file' parameter in all versions up to, and...

8.1CVSS9.2AI score0.19326EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/08/29 3:52 a.m.36 views

CVE-2024-7856 MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar <= 5.7.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to unauthorized arbitrary file deletion due to a missing capability check on the removeTempFiles function and insufficient path validation on the 'file' parameter in all versions up to, and...

8.1CVSS0.19326EPSS
Exploits1References4
CVE
CVE
added 2024/08/29 3:52 a.m.71 views

CVE-2024-7856

CVE-2024-7856 affects the WordPress plugin MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar. The root cause is twofold: (1) missing authorization checks in removeTempFiles() and (2) inadequate validation of the file parameter, enabling authenticated users (subscriber level and hi...

8.1CVSS8.8AI score0.19326EPSS
Exploits1References4Affected Software1
Patchstack
Patchstack
added 2024/08/29 1:3 a.m.8 views

WordPress MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin <= 5.7.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin MP3 Audio Player for Music, Radio & Podcast by Sonaar versions = 5.7.0.1...

9.1CVSS7AI score0.19326EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2024/07/10 8:15 a.m.19 views

CVE-2024-5664

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute within the plugin's sonaaraudioplayer shortcode in all versions up to, and including, 5.5 due to insufficient input sanitization and outpu...

6.4CVSS0.00329EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2024/07/10 8:15 a.m.3 views

CVE-2024-5664

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute within the plugin's sonaaraudioplayer shortcode in all versions up to, and including, 5.5 due to insufficient input sanitization and outpu...

6.4CVSS6.1AI score0.00329EPSS
Exploits0References5
Rows per page
Query Builder