Vulnerabilities > CVE-2023-4024 - Missing Authorization vulnerability in Softlabbd Radio Player

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

softlabbd

CWE-862

NVD

Published: 2024-08-17

Updated: 2024-08-28

Summary

The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_player function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to delete player instances.

Vulnerable Configurations

Part	Description	Count
Application	Softlabbd Softlabbd Radio Player *	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/3f408f1f-207e-427a-a5d0-d0fadf453d7e?source=cve
https://plugins.svn.wordpress.org/radio-player/tags/2.0.7/readme.txt
https://plugins.trac.wordpress.org/changeset/2942906/radio-player/trunk/includes/class-ajax.php
https://plugins.trac.wordpress.org/changeset/3048105