Vulnerabilities > CVE-2023-4025 - Missing Authorization vulnerability in Softlabbd Radio Player

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

softlabbd

CWE-862

NVD

Published: 2024-08-17

Updated: 2024-08-28

Summary

The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_player function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to update player instances.

Vulnerable Configurations

Part	Description	Count
Application	Softlabbd Softlabbd Radio Player *	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/77409977-6822-4d14-9842-cb6a5aff2162?source=cve
https://plugins.svn.wordpress.org/radio-player/tags/2.0.7/readme.txt
https://plugins.trac.wordpress.org/changeset/2942906/radio-player/trunk/includes/class-ajax.php
https://plugins.trac.wordpress.org/changeset/3048105