Sonaar
Products
1- 13 CVEs
Recent CVEs
13| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-7856 | Hig | 0.52 | 8.1 | 0.19 | Aug 29, 2024 | The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to unauthorized arbitrary file deletion due to a missing capability check on the removeTempFiles() function and insufficient path validation on the 'file' parameter in all… | ||
| CVE-2024-31343 | Hig | 0.49 | 7.5 | 0.01 | Apr 10, 2024 | Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 4.10.1. | ||
| CVE-2024-30487 | Hig | 0.49 | 7.6 | 0.00 | Mar 29, 2024 | Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 5.1. | ||
| CVE-2024-30530 | Med | 0.42 | 6.5 | 0.00 | Mar 31, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar allows Stored XSS.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through… | ||
| CVE-2024-56266 | Med | 0.41 | 6.3 | 0.00 | Jan 2, 2025 | Missing Authorization vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a… | ||
| CVE-2026-39647 | Med | 0.35 | 5.4 | 0.00 | Apr 8, 2026 | Server-Side Request Forgery (SSRF) vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Server Side Request Forgery.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through <= 5.11. | ||
| CVE-2024-5664 | Med | 0.35 | 6.4 | 0.00 | Jul 10, 2024 | The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute within the plugin's sonaar_audioplayer shortcode in all versions up to, and including, 5.5 due to insufficient input… | ||
| CVE-2025-32235 | Med | 0.28 | 4.3 | 0.00 | Apr 4, 2025 | Missing Authorization vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from… | ||
| CVE-2026-1219 | Med | 0.27 | 5.3 | 0.00 | Feb 19, 2026 | The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 4.0 to 5.10 via the 'load_track_note_ajax' due to missing validation on a user controlled key. This makes it possible for… | ||
| CVE-2026-1249 | Med | 0.26 | 5.0 | 0.00 | Feb 14, 2026 | The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Server-Side Request Forgery in versions 5.3 to 5.10 via the 'load_lyrics_ajax_callback' function. This makes it possible for authenticated attackers, with author level… | ||
| CVE-2023-47822 | 0.00 | — | 0.00 | Dec 9, 2024 | Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 4.10. | |||
| CVE-2024-10268 | 0.00 | — | 0.00 | Nov 19, 2024 | The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sonaar_audioplayer shortcode in all versions up to, and including, 5.8 due to insufficient input sanitization and output… | |||
| CVE-2021-24624 | 0.00 | — | 0.01 | Nov 1, 2021 | The MP3 Audio Player for Music, Radio & Podcast by Sonaar WordPress plugin before 2.4.2 does not properly sanitize or escape data in some of its Playlist settings, allowing high privilege users to perform Cross-Site Scripting attacks |
- risk 0.52cvss 8.1epss 0.19
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to unauthorized arbitrary file deletion due to a missing capability check on the removeTempFiles() function and insufficient path validation on the 'file' parameter in all…
- risk 0.49cvss 7.5epss 0.01
Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 4.10.1.
- risk 0.49cvss 7.6epss 0.00
Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 5.1.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar allows Stored XSS.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through…
- risk 0.41cvss 6.3epss 0.00
Missing Authorization vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a…
- risk 0.35cvss 5.4epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Server Side Request Forgery.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through <= 5.11.
- risk 0.35cvss 6.4epss 0.00
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute within the plugin's sonaar_audioplayer shortcode in all versions up to, and including, 5.5 due to insufficient input…
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from…
- risk 0.27cvss 5.3epss 0.00
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 4.0 to 5.10 via the 'load_track_note_ajax' due to missing validation on a user controlled key. This makes it possible for…
- risk 0.26cvss 5.0epss 0.00
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Server-Side Request Forgery in versions 5.3 to 5.10 via the 'load_lyrics_ajax_callback' function. This makes it possible for authenticated attackers, with author level…
- CVE-2023-47822Dec 9, 2024risk 0.00cvss —epss 0.00
Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 4.10.
- CVE-2024-10268Nov 19, 2024risk 0.00cvss —epss 0.00
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sonaar_audioplayer shortcode in all versions up to, and including, 5.8 due to insufficient input sanitization and output…
- CVE-2021-24624Nov 1, 2021risk 0.00cvss —epss 0.01
The MP3 Audio Player for Music, Radio & Podcast by Sonaar WordPress plugin before 2.4.2 does not properly sanitize or escape data in some of its Playlist settings, allowing high privilege users to perform Cross-Site Scripting attacks