Vulnerabilities and security researches formp3-music-player-by-sonaar mp3-music-player-by-sonaar
Direction: ascendingJun 07, 2024
MP3 Audio Player for Music, Radio & Podcast by Sonaar # CVE-2021-24624
- CVE, Research URL
- Date
- Nov 01, 2021
- Research Description
- The MP3 Audio Player for Music, Radio & Podcast by Sonaar WordPress plugin before 2.4.2 does not properly sanitize or escape data in some of its Playlist settings, allowing high privilege users to perform Cross-Site Scripting attacks
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
MP3 Audio Player for Music, Radio & Podcast by Sonaar # CVE-2024-30487
- CVE, Research URL
- Date
- Mar 29, 2024
- Research Description
- Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 5.1.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
MP3 Audio Player for Music, Radio & Podcast by Sonaar # CVE-2024-30530
- CVE, Research URL
- Date
- Apr 01, 2024
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar allows Stored XSS.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 5.1.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
MP3 Audio Player for Music, Radio & Podcast by Sonaar # CVE-2024-31343
- CVE, Research URL
- Date
- Apr 10, 2024
- Research Description
- Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 4.10.1.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Jun 10, 2024
MP3 Audio Player for Music, Radio & Podcast by Sonaar # CVE-2023-47822
- CVE, Research URL
- Date
- Dec 09, 2024
- Research Description
- Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 4.10.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Jul 11, 2024
MP3 Audio Player for Music, Radio & Podcast by Sonaar # CVE-2024-5664
- CVE, Research URL
- Date
- Jul 10, 2024
- Research Description
- The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute within the plugin's sonaar_audioplayer shortcode in all versions up to, and including, 5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Aug 30, 2024
MP3 Audio Player for Music, Radio & Podcast by Sonaar # CVE-2024-7856
- CVE, Research URL
- Date
- Aug 29, 2024
- Research Description
- The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to unauthorized arbitrary file deletion due to a missing capability check on the removeTempFiles() function and insufficient path validation on the 'file' parameter in all versions up to, and including, 5.7.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary files which can make remote code execution possible when wp-config.php is deleted.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Nov 20, 2024
MP3 Audio Player for Music, Radio & Podcast by Sonaar # CVE-2024-10268
- CVE, Research URL
- Date
- Nov 19, 2024
- Research Description
- The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sonaar_audioplayer shortcode in all versions up to, and including, 5.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Jan 03, 2025
MP3 Audio Player for Music, Radio & Podcast by Sonaar # CVE-2024-56266
- CVE, Research URL
- Date
- Jan 02, 2025
- Research Description
- Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 5.8.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Feb 01, 2025
MP3 Audio Player for Music, Radio & Podcast by Sonaar # CVE-2024-13157
- CVE, Research URL
- Date
- Jan 31, 2025
- Research Description
- The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Podcast RSS Feed in all versions up to, and including, 5.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Apr 06, 2025
MP3 Audio Player for Music, Radio & Podcast by Sonaar # CVE-2025-32235
- CVE, Research URL
- Date
- Apr 04, 2025
- Research Description
- MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar [mp3-music-player-by-sonaar] <= 5.9.4 (unfixed) CVE-2025-32235 [en] Missing Authorization vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 5.9.4.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable