cleantalk
Vulnerabilities and Security Researches

Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress, CVE-2023-4027

CVE, Research URL

CVE-2023-4027

Home page URL

Security reports for Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress

Application

Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress

Published on
Aug 17, 2024
Research Description
The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_settings function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to update plugin settings.
Affected versions
max 2.0.74.
Status
vulnerable
Previous vulnerability researches
Shoutcast and Icecast HTML5 Web Radio Player by YesStreaming.com (CVE-2025-23854) , Jan 18, 2025
Shoutcast Icecast HTML5 Radio Player (CVE-2024-8666) , Oct 26, 2024
Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress (971fb8ca82e479cf299b6fe3febbcab5da5854dc) , Jun 07, 2024
Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress (CVE-2024-34753) , Jun 07, 2024
Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress (CVE-2024-32506) , Jun 07, 2024
New vulnerability
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) (CVE-2024-13362) , May 02, 2026
POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications (CVE-2024-13362) , May 02, 2026
Elementor Website Builder – More than Just a Page Builder (CVE-2026-6127) , May 02, 2026
WPGraphQL (CVE-2026-40762) , May 02, 2026
Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery (CVE-2024-13362) , May 02, 2026