cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches formusic-player-for-elementor music-player-for-elementor

Direction: ascending
Jun 07, 2024

Music Player for Elementor – Audio Player & Podcast Player # d08e4c5224341794c59bd67d8da71e3e03bb213e

CVE, Research URL

d08e4c5224341794c59bd67d8da71e3e03bb213e

Home page URL

Security reports for Music Player for Elementor – Audio Player & Podcast Player

Application

Music Player for Elementor – Audio Player & Podcast Player

Date
Feb 28, 2022
Research Description
Music Player for Elementor &#8211; Audio Player &amp; Podcast Player [music-player-for-elementor] < 1.5.5 WordPress Music Player for Elementor – Audio Player & Podcast Player plugin < 1.5.5 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Music Player for Elementor – Audio Player & Podcast Player plugin (versions < 1.5.5).
Affected versions
max 1.5.5.
Status
vulnerable
Nov 15, 2024

Music Player for Elementor &#8211; Audio Player &amp; Podcast Player # CVE-2022-4974

CVE, Research URL

CVE-2022-4974

Home page URL

Security reports for Music Player for Elementor &#8211; Audio Player &amp; Podcast Player

Application

Music Player for Elementor &#8211; Audio Player &amp; Podcast Player

Date
Oct 16, 2024
Research Description
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Affected versions
max 1.5.5.
Status
vulnerable
Jun 03, 2025

Music Player for Elementor &#8211; Audio Player &amp; Podcast Player # CVE-2025-5340

CVE, Research URL

CVE-2025-5340

Home page URL

Security reports for Music Player for Elementor &#8211; Audio Player &amp; Podcast Player

Application

Music Player for Elementor &#8211; Audio Player &amp; Podcast Player

Date
Jun 03, 2025
Research Description
The Music Player for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘album_buy_url’ parameter in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 2.4.7.
Status
vulnerable