cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10268,https://securityvulnerability.io/vulnerability/CVE-2024-10268,Sonaar MP3 Audio Player Vulnerable to Stored Cross-Site Scripting,"The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sonaar_audioplayer shortcode in all versions up to, and including, 5.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Mp3 Audio Player – Music Player, Podcast Player & Radio By Sonaar",5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-11-19T07:35:25.742Z,0
CVE-2024-7856,https://securityvulnerability.io/vulnerability/CVE-2024-7856,Unauthorized Arbitrary File Deletion Vulnerability in Sonaar's MP3 Audio Player,"The MP3 Audio Player – Music Player, Podcast Player & Radio plugin by Sonaar for WordPress is susceptible to a vulnerability that permits unauthorized deletion of files. This issue arises from the absence of a proper capability check in the removeTempFiles() function and inadequate path validation for the 'file' parameter across all versions up to and including 5.7.0.1. As a result, authenticated users with a subscriber-level role or higher can exploit this vulnerability to delete critical files, including wp-config.php, potentially leading to remote code execution scenarios.",Wordpress,"Mp3 Audio Player – Music Player, Podcast Player & Radio By Sonaar",8.1,HIGH,0.0005300000193528831,false,,false,false,false,,false,false,2024-08-29T03:52:57.401Z,0
CVE-2024-5664,https://securityvulnerability.io/vulnerability/CVE-2024-5664,Sonaar MP3 Audio Player Vulnerable to Stored Cross-Site Scripting,"The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute within the plugin's sonaar_audioplayer shortcode in all versions up to, and including, 5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Mp3 Audio Player – Music Player, Podcast Player & Radio By Sonaar",5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-07-10T07:36:44.303Z,0
CVE-2021-24624,https://securityvulnerability.io/vulnerability/CVE-2021-24624,"MP3 Audio Player for Music, Radio & Podcast by Sonaar < 2.4.2 - Multiple Admin+ Cross Site Scripting","The MP3 Audio Player for Music, Radio & Podcast by Sonaar WordPress plugin before 2.4.2 does not properly sanitize or escape data in some of its Playlist settings, allowing high privilege users to perform Cross-Site Scripting attacks",Wordpress,"Mp3 Audio Player For Music, Radio & Podcast By Sonaar",4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2021-11-01T08:46:03.000Z,0