Vulnerabilities > Sonaar > MP3 Audio Player FOR Music Radio Podcast > 5.5

DATE	CVE	VULNERABILITY TITLE	RISK
2025-01-02	CVE-2024-56266	Missing Authorization vulnerability in Sonaar MP3 Audio Player for Music, Radio & Podcast Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 5.8. network low complexity sonaar CWE-862	8.8
2024-11-19	CVE-2024-10268	Cross-site Scripting vulnerability in Sonaar MP3 Audio Player for Music, Radio & Podcast The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sonaar_audioplayer shortcode in all versions up to, and including, 5.8 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity sonaar CWE-79	5.4

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.