Vulnerabilities and security researches formusic-player-for-woocommerce music-player-for-woocommerce

May 09, 2025

CVE, Research URL: CVE-2025-47472
Home page URL: Security reports for Music Player for WooCommerce
Application: Music Player for WooCommerce
Date: May 07, 2025
Research Description: Missing Authorization vulnerability in codepeople Music Player for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Music Player for WooCommerce: from n/a through 1.5.1.
Affected versions: Min -, max -.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: b719198356d5501c3dcda4f20ff90b5ca3497335
Home page URL: Security reports for Music Player for WooCommerce
Application: Music Player for WooCommerce
Date: Jun 30, 2022
Research Description: Music Player for WooCommerce [music-player-for-woocommerce] < 1.0.173 Music Player for WooCommerce <= 1.0.172 - Authenticated (Admin+) Stored Cross-Site Scripting The Music Player for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting several parameters in versions up to, and including, 1.0.172 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable