VYPR

Luna Radio Player

by WordPress

CVEs (2)

  • CVE-2024-10816HigNov 13, 2024
    risk 0.49cvss 7.5epss 0.01

    The LUNA RADIO PLAYER plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.24.01.24 via the js/fallback.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can…

  • CVE-2024-10881MedDec 5, 2024
    risk 0.42cvss 6.4epss 0.00

    The LUNA RADIO PLAYER plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lunaradio' shortcode in versions up to, and including, 6.24.11.07 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for…