149 matches found
CVE-2023-47822 WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin <= 4.10 - Broken Access Control vulnerability
Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 4.10...
PT-2024-13503 · Sonaar · Sonaar Music Mp3 Audio Player
Name of the Vulnerable Software and Affected Versions: Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar versions n/a through 4.10 Description: The issue affects the Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar due to a Missing Authorization vulnerability...
WordPress plugin MP3 Audio Player for Music, Radio & Podcast by Sonaar 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2024-10268
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sonaaraudioplayer shortcode in all versions up to, and including, 5.8 due to insufficient input sanitization and output escaping on user supplie...
CVE-2024-10268
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sonaaraudioplayer shortcode in all versions up to, and including, 5.8 due to insufficient input sanitization and output escaping on user supplie...
CVE-2024-10268
CVE-2024-10268 – MP3 Audio Player by Sonaar (WordPress) Vulnerability type: Stored Cross-Site Scripting (XSS) via the shortcode sonaar_audioplayer. Root cause: insufficient input sanitization and output escaping on user-supplied shortcode attributes. Affected software: WordPress plugin MP3 Audio ...
CVE-2024-10268 MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar <= 5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via sonaar_audioplayer Shortcode
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sonaaraudioplayer shortcode in all versions up to, and including, 5.8 due to insufficient input sanitization and output escaping on user supplie...
CVE-2024-10268 MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar <= 5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via sonaar_audioplayer Shortcode
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sonaaraudioplayer shortcode in all versions up to, and including, 5.8 due to insufficient input sanitization and output escaping on user supplie...
PT-2024-16147 · Sonaar · Mp3 Audio Player – Music Player
Name of the Vulnerable Software and Affected Versions: The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress versions up to, and including, 5.8 Description: The issue is related to Stored Cross-Site Scripting via the plugin's sonaar audioplayer shortcode due t...
WordPress MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin <= 5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via sonaar_audioplayer Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via sonaaraudioplayer Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin MP3 Audio Player for Music, Radio & Podcast by Sonaar versions = 5.8...
WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar Plugin <= 5.8 is vulnerable to Cross Site Scripting (XSS)
Software MP3 Audio Player for Music, Radio & Podcast by Sonaar Type Plugin Vulnerable versions = 5.8 Fixed in 5.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10268 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d11f205f19...
Exploit for Missing Authorization in Sonaar Mp3_Audio_Player_For_Music\,_Radio_\&_Podcast
CVE-2024-7856 ★ CVE-2024-7856 Arbitrary File deletion PoC ★...
CVE-2024-7856
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to unauthorized arbitrary file deletion due to a missing capability check on the removeTempFiles function and insufficient path validation on the 'file' parameter in all versions up to, and...
CVE-2024-7856
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to unauthorized arbitrary file deletion due to a missing capability check on the removeTempFiles function and insufficient path validation on the 'file' parameter in all versions up to, and...
CVE-2024-7856 MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar <= 5.7.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to unauthorized arbitrary file deletion due to a missing capability check on the removeTempFiles function and insufficient path validation on the 'file' parameter in all versions up to, and...
CVE-2024-7856 MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar <= 5.7.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to unauthorized arbitrary file deletion due to a missing capability check on the removeTempFiles function and insufficient path validation on the 'file' parameter in all versions up to, and...
CVE-2024-7856
CVE-2024-7856 affects the WordPress plugin MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar. The root cause is twofold: (1) missing authorization checks in removeTempFiles() and (2) inadequate validation of the file parameter, enabling authenticated users (subscriber level and hi...
WordPress MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin <= 5.7.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin MP3 Audio Player for Music, Radio & Podcast by Sonaar versions = 5.7.0.1...
CVE-2024-5664
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute within the plugin's sonaaraudioplayer shortcode in all versions up to, and including, 5.5 due to insufficient input sanitization and outpu...
CVE-2024-5664
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute within the plugin's sonaaraudioplayer shortcode in all versions up to, and including, 5.5 due to insufficient input sanitization and outpu...