Vulnerabilities > CVE-2023-4024 - Missing Authorization vulnerability in Softlabbd Radio Player

047910
CVSS 5.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
LOW
Availability impact
NONE
network
low complexity
softlabbd
CWE-862

Summary

The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_player function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to delete player instances.

Vulnerable Configurations

Part Description Count
Application
Softlabbd
1

Common Weakness Enumeration (CWE)