Vulnerabilities > Sonaar
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-29 | CVE-2024-7856 | Missing Authorization vulnerability in Sonaar MP3 Audio Player for Music, Radio & Podcast The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to unauthorized arbitrary file deletion due to a missing capability check on the removeTempFiles() function and insufficient path validation on the 'file' parameter in all versions up to, and including, 5.7.0.1. | 8.1 |
| 2024-07-10 | CVE-2024-5664 | Cross-site Scripting vulnerability in Sonaar MP3 Audio Player for Music, Radio & Podcast The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute within the plugin's sonaar_audioplayer shortcode in all versions up to, and including, 5.5 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2021-11-01 | CVE-2021-24624 | Cross-site Scripting vulnerability in Sonaar MP3 Audio Player for Music, Radio & Podcast The MP3 Audio Player for Music, Radio & Podcast by Sonaar WordPress plugin before 2.4.2 does not properly sanitize or escape data in some of its Playlist settings, allowing high privilege users to perform Cross-Site Scripting attacks | 4.8 |