cbcvebase.

Sonaar Mp3 Audio Player For Music Radio Podcast vulnerabilities

9 known vulnerabilities affecting sonaar/mp3_audio_player_for_music_radio_podcast.

Total CVEs
9
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH5MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2024-7856P2HIGHCVSS 8.1fixed in 5.7.12024-08-29
CVE-2024-7856 [HIGH] CWE-862 CVE-2024-7856: The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulner The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to unauthorized arbitrary file deletion due to a missing capability check on the removeTempFiles() function and insufficient path validation on the 'file' parameter in all versions up to, and including, 5.7.0.1. This makes it possible for authenticat
nvd
CVE-2023-47822P3HIGHCVSS 8.8fixed in 4.10.12024-12-09
CVE-2023-47822 [HIGH] CWE-862 CVE-2023-47822: Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by S Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 4.10.
nvd
CVE-2024-56266P3HIGHCVSS 8.8fixed in 5.92025-01-02
CVE-2024-56266 [HIGH] CWE-862 CVE-2024-56266: Missing Authorization vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar Missing Authorization vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through <= 5.8.
nvd
CVE-2024-30487P3HIGHCVSS 7.6fixed in 5.1.12024-03-29
CVE-2024-30487 [HIGH] CWE-862 CVE-2024-30487: Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by S Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 5.1.
nvd
CVE-2024-31343P3HIGHCVSS 7.5fixed in 5.02024-04-10
CVE-2024-31343 [HIGH] CWE-862 CVE-2024-31343: Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by S Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 4.10.1.
nvd
CVE-2024-30530P4MEDIUMCVSS 5.4fixed in 5.1.12024-03-31
CVE-2024-30530 [MEDIUM] CWE-79 CVE-2024-30530: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar allows Stored XSS.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 5.1.
nvd
CVE-2024-5664P4MEDIUMCVSS 5.4fixed in 5.62024-07-10
CVE-2024-5664 [MEDIUM] CWE-79 CVE-2024-5664: The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulner The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute within the plugin's sonaar_audioplayer shortcode in all versions up to, and including, 5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it po
nvd
CVE-2024-10268P4MEDIUMCVSS 5.4fixed in 5.92024-11-19
CVE-2024-10268 [MEDIUM] CWE-79 CVE-2024-10268: The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulner The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sonaar_audioplayer shortcode in all versions up to, and including, 5.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated
nvd
CVE-2021-24624P4MEDIUMCVSS 4.8fixed in 2.4.22021-11-01
CVE-2021-24624 [MEDIUM] CWE-79 CVE-2021-24624: The MP3 Audio Player for Music, Radio & Podcast by Sonaar WordPress plugin before 2.4.2 does not pro The MP3 Audio Player for Music, Radio & Podcast by Sonaar WordPress plugin before 2.4.2 does not properly sanitize or escape data in some of its Playlist settings, allowing high privilege users to perform Cross-Site Scripting attacks
nvd
Sonaar Mp3 Audio Player For Music Radio Podcast vulnerabilities | cvebase