WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin <= 4.10 - Broken Access Control vulnerability
CVE-2023-47822
8.8HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 9 December 2024
What is CVE-2023-47822?
A missing authorization vulnerability in the Sonaar Music MP3 Audio Player enables unauthorized access due to incorrectly configured access control security levels. This flaw affects all versions of the plugin up to version 4.10, potentially allowing attackers to exploit sensitive functionalities without proper authentication, posing significant risks to data integrity and user privacy.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
MP3 Audio Player for Music, Radio & Podcast by Sonaar <= 4.10
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Abdi Pranata (Patchstack Alliance)