Vulnerabilities > Sonaar

DATE CVE VULNERABILITY TITLE RISK
2025-01-02 CVE-2024-56266 Missing Authorization vulnerability in Sonaar MP3 Audio Player for Music, Radio & Podcast
Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 5.8.
network
low complexity
sonaar CWE-862
8.8
8.8
2024-12-09 CVE-2023-47822 Missing Authorization vulnerability in Sonaar MP3 Audio Player for Music, Radio & Podcast
Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 4.10.
network
low complexity
sonaar CWE-862
8.8
8.8
2024-11-19 CVE-2024-10268 Cross-site Scripting vulnerability in Sonaar MP3 Audio Player for Music, Radio & Podcast
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sonaar_audioplayer shortcode in all versions up to, and including, 5.8 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
sonaar CWE-79
5.4
5.4
2024-08-29 CVE-2024-7856 Missing Authorization vulnerability in Sonaar MP3 Audio Player for Music, Radio & Podcast
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to unauthorized arbitrary file deletion due to a missing capability check on the removeTempFiles() function and insufficient path validation on the 'file' parameter in all versions up to, and including, 5.7.0.1.
network
low complexity
sonaar CWE-862
8.1
8.1
2024-07-10 CVE-2024-5664 Cross-site Scripting vulnerability in Sonaar MP3 Audio Player for Music, Radio & Podcast
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute within the plugin's sonaar_audioplayer shortcode in all versions up to, and including, 5.5 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
sonaar CWE-79
5.4
5.4
2024-04-10 CVE-2024-31343 Unspecified vulnerability in Sonaar MP3 Audio Player for Music, Radio & Podcast
Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 4.10.1.
network
low complexity
sonaar
7.5
7.5
2024-03-31 CVE-2024-30530 Unspecified vulnerability in Sonaar MP3 Audio Player for Music, Radio & Podcast
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar allows Stored XSS.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 5.1.
network
low complexity
sonaar
5.4
5.4
2024-03-29 CVE-2024-30487 Unspecified vulnerability in Sonaar MP3 Audio Player for Music, Radio & Podcast
Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 5.1.
network
low complexity
sonaar
7.6
7.6
2021-11-01 CVE-2021-24624 Cross-site Scripting vulnerability in Sonaar MP3 Audio Player for Music, Radio & Podcast
The MP3 Audio Player for Music, Radio & Podcast by Sonaar WordPress plugin before 2.4.2 does not properly sanitize or escape data in some of its Playlist settings, allowing high privilege users to perform Cross-Site Scripting attacks
network
low complexity
sonaar CWE-79
4.8
4.8