cleantalk
Vulnerabilities and Security Researches

Music Sheet Viewer, CVE-2024-13671

CVE, Research URL

CVE-2024-13671

Home page URL

Security reports for Music Sheet Viewer

Application

Music Sheet Viewer

Published on
Jan 30, 2025
Research Description
The Music Sheet Viewer plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 4.1 via the read_score_file() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
Affected versions
Min -, max 4.1.
Status
vulnerable
Previous vulnerability researches
Music Sheet Viewer (CVE-2025-25155) , Feb 09, 2025
Music Sheet Viewer (CVE-2024-13671) , May 07, 2025
Music Sheet Viewer (CVE-2024-13670) , Feb 01, 2025
New vulnerability
Xavin's List Subpages (CVE-2025-4220) , May 08, 2025
CarDealerPress (CVE-2025-3860) , May 08, 2025
Crossword Compiler Puzzles (CVE-2025-46493) , May 08, 2025
Frontend Dashboard (CVE-2025-4104) , May 08, 2025
Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce (CVE-2025-0671) , May 08, 2025