VYPR

Audio Player

by WordPress

Source repositories

CVEs (3)

  • CVE-2024-7856HigAug 29, 2024
    risk 0.52cvss 8.1epss 0.19

    The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to unauthorized arbitrary file deletion due to a missing capability check on the removeTempFiles() function and insufficient path validation on the 'file' parameter in all…

  • CVE-2024-5664MedJul 10, 2024
    risk 0.35cvss 6.4epss 0.00

    The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute within the plugin's sonaar_audioplayer shortcode in all versions up to, and including, 5.5 due to insufficient input…

  • CVE-2013-1464Feb 7, 2013
    risk 0.04cvss epss 0.06

    Cross-site scripting (XSS) vulnerability in assets/player.swf in the Audio Player plugin before 2.0.4.6 for Wordpress allows remote attackers to inject arbitrary web script or HTML via the playerID parameter.