WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin <= 4.10 - Broken Access Control vulnerability
CVE-2023-47822

8.8HIGH

Key Information:

Vendor: WordPress
Status: Mp3 Audio Player For Music, Radio & Podcast By Sonaar
Vendor: CVE Published:; 9 December 2024

Summary

A missing authorization vulnerability in the Sonaar Music MP3 Audio Player enables unauthorized access due to incorrectly configured access control security levels. This flaw affects all versions of the plugin up to version 4.10, potentially allowing attackers to exploit sensitive functionalities without proper authentication, posing significant risks to data integrity and user privacy.

Affected Version(s)

MP3 Audio Player for Music, Radio & Podcast by Sonaar <= 4.10

References

https://patchstack.com/database/wordpress/plugin/mp3-musi...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 9, 2024
Vulnerability Reserved
Nov 12, 2023

Credit

Abdi Pranata (Patchstack Alliance)