CVE-2026-8679
Published 2026-05-22
Priority P259 · Severity high · CVSS 3.1 base score 7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploit prediction (EPSS): 1.51% (71.2th percentile)
The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the handle_playlist_endpoint() function (hooked to template_redirect) accepting a user-controlled playlist ID via the audioigniter_playlist_id query var or the /audioigniter/playlist/{id}/ rewrite rule and returning playlist track data without performing any authentication, capability, or post_status check — only the post_type is validated. This makes it possible for unauthenticated attackers to view track metadata (titles, artists, audio URLs, buy links, download URLs, and cover images) of any playlist on the site, including those in draft, private, pending, or trash status.
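As an added illustration (not AudioIgniter's own code, which is linked in the references), the following WordPress template_redirect handler shows the check the description says was missing: it resolves the playlist from the audioigniter_playlist_id query var, validates post_type as the vulnerable code did, and additionally refuses non-published playlists to requesters who cannot read them. The function names ai_demo_serve_playlist and ai_demo_playlist_tracks and the track-data shape are hypothetical.

```php
<?php
// Added illustration, not the plugin's code. Hypothetical names:
// ai_demo_serve_playlist, ai_demo_playlist_tracks.

add_action( 'template_redirect', 'ai_demo_serve_playlist' );

function ai_demo_serve_playlist() {
    // Same entry point the advisory names: a user-controlled ID from the query var
    // (the /audioigniter/playlist/{id}/ rewrite rule maps to this var as well).
    $playlist_id = absint( get_query_var( 'audioigniter_playlist_id' ) );
    if ( ! $playlist_id ) {
        return; // not a playlist request; let WordPress continue normally
    }

    $post = get_post( $playlist_id );

    // The check the vulnerable version stopped at: post_type only. On its own this
    // serves draft, private, pending and trashed playlists to anyone who guesses an ID.
    if ( ! $post || 'audioigniter_playlist' !== $post->post_type ) {
        status_header( 404 );
        exit;
    }

    // Hardened: a playlist that is not published is served only when the current
    // user may read that specific post. WordPress maps 'read_post' to
    // read_private_posts for private posts and to edit_post for drafts, pending and
    // trash, so anonymous visitors fail this for every non-public status.
    if ( 'publish' !== $post->post_status && ! current_user_can( 'read_post', $post->ID ) ) {
        status_header( 404 ); // 404 instead of 403 so the status code does not confirm that the ID exists
        exit;
    }

    wp_send_json( ai_demo_playlist_tracks( $post ) );
}

function ai_demo_playlist_tracks( WP_Post $post ) {
    // Hypothetical shape; a real plugin would read track metadata from post meta.
    return array(
        'id'     => $post->ID,
        'title'  => get_the_title( $post ),
        'tracks' => array(),
    );
}
```

The status check belongs before any track data is read: validating the ID itself is not enough, because the advisory's attack uses valid IDs of posts the requester should not be allowed to see.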
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cssigniterteam | audioigniter_music_player | <= 2.0.2 | — |
Detection & IOCs (extracted from sources)
- Probe for unauthenticated IDOR by first identifying a page containing 'audioigniter_playlist_id', extracting the numeric playlist ID, then requesting /?audioigniter_playlist_id=<id> and checking for HTTP 200, Content-Type: application/json, and JSON body fields 'title', 'audio', and 'subtitle'.
- Fingerprint vulnerable WordPress installations by searching for pages whose body contains the string 'audioigniter_playlist_id' (FOFA query: body="audioigniter_playlist_id").
- The vulnerable function handle_playlist_endpoint() is hooked to template_redirect; no authentication, capability, or post_status check is performed — only post_type is validated, so any numeric post ID of type audioigniter_playlist is accessible unauthenticated.
- Successful exploitation returns a JSON response containing track metadata fields including titles, artists, audio URLs, buy links, download URLs, and cover images — even for playlists in draft, private, pending, or trash status.
- The Nuclei template uses a two-step flow: step 1 must succeed (HTTP 200 and body contains 'audioigniter_playlist_id') before step 2 executes. The playlist ID is dynamically extracted via the regex 'audioigniter_playlist_id=(\d+)' from the homepage body, so a valid ID must be present in the page source for the template to fire.
- Affected versions are up to and including 2.0.2 of the AudioIgniter WordPress plugin; versions beyond 2.0.2 are not confirmed vulnerable.
GHSA
GHSA-hvqp-vjwf-27jg (unreviewed · 2026-05-22): CVE-2026-8679 [HIGH] CWE-639. The advisory text is identical to the CVE description above.
VulDB
VulDB · 2026-05-22 · CVSS 7.5
CVE-2026-8679 [HIGH] cssigniterteam AudioIgniter Music Player Plugin up to 2.0.2 on WordPress /audioigniter/playlist/ handle_playlist_endpoint authorization
A vulnerability categorized as problematic has been discovered in cssigniterteam AudioIgniter Music Player Plugin up to 2.0.2 on WordPress. This vulnerability affects the function handle_playlist_endpoint of the file /audioigniter/playlist/. Executing a manipulation can lead to authorization bypass.
This vulnerability is registered as CVE-2026-8679. It is possible to launch the attack remotely. No exploit is available.
It is advisable to upgrade the affected component.
No detection rules found.
Nuclei
Nuclei · CVSS 7.5
CVE-2026-8679 [HIGH] WordPress AudioIgniter <= 2.0.2 - Unauthenticated IDOR
The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. The handle_playlist_endpoint() function accepted a user-controlled playlist ID and returned track data without authentication.
Template (as indexed, truncated):

```yaml
id: CVE-2026-8679

info:
  name: WordPress AudioIgniter <= 2.0.2 - Unauthenticated IDOR
  author: 0x_Akoko
  severity: high
  description: |
    The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. The handle_playlist_endpoint() function accepted a user-controlled playlist ID and returned track data without authentication.
  impact: |
    Unauthenticated attackers can access sensitive playlist metadata including pr
```
No writeups or analysis indexed.
References
- https://github.com/cssigniter/audioigniter/commit/35a0508583c26c01b6ac446404ad6fe1d440d8d4
- https://plugins.trac.wordpress.org/browser/audioigniter/tags/2.0.2/audioigniter.php#L1257
- https://plugins.trac.wordpress.org/browser/audioigniter/tags/2.0.2/audioigniter.php#L1263
- https://plugins.trac.wordpress.org/browser/audioigniter/tags/2.0.2/audioigniter.php#L1315
- https://www.wordfence.com/threat-intel/vulnerabilities/id/fe573d64-036e-4f6f-bcc1-5183bb9ad2b9?source=cve