3 matches found
CVE-2024-1041
CVE-2024-1041 pertains to the WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin. The issue is a Stored Cross-Site Scripting vulnerability in the plugin’s settings, arising from insufficient input sanitization and output escaping, coupled with inadequate access control on t...
CVE-2024-1042
CVE-2024-1042 affects the WP Radio plugin for WordPress (versions up to 3.1.9). Description shows unauthorized modification of data via missing capability checks on several AJAX actions, allowing authenticated users with subscriber+ privileges to import stations, remove countries, and alter plugi...
CVE-2023-46150
CVE-2023-46150 affects the WP Radio WordPress plugin (<= 3.1.9). It is a CSRF vulnerability allowing unauthenticated or minimal-privilege actions that could be triggered by a logged-in user, per connected sources. Affected software: WP Radio / WordPress plugin. Root cause: CSRF in WP Radio’s h...