wpvulndb WPVDB-ID:10C90180-D5FB-44BF-AC72-8BDC1561A572
Apr 10, 2024 - 12:00 a.m.

MP3 Audio Player for Music, Radio & Podcast by Sonaar < 5.0 - Unauthenticated Arbitrary File Download

2024-04-10 00:00:00
wpscan.com
wordpress
sonaar
arbitrary file download

AI Score: 7 High (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.0%)

Description

The MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin for WordPress is vulnerable to arbitrary file downloads due to insufficient file validation on the load_lyrics_ajax_callback() function in all versions up to, and including, 4.10.1. This makes it possible for unauthenticated attackers to download arbitrary files such as wp-config.php.

CPE | Name | Operator | Version
 | | eq | 5.0

