WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin <= 4.10 - Broken Access Control vulnerability
CVE-2023-47822

8.8HIGH

Key Information:

Vendor

WordPress
Status
Mp3 Audio Player For Music, Radio & Podcast By Sonaar
Vendor
CVE Published:
9 December 2024

What is CVE-2023-47822?

A missing authorization vulnerability in the Sonaar Music MP3 Audio Player enables unauthorized access due to incorrectly configured access control security levels. This flaw affects all versions of the plugin up to version 4.10, potentially allowing attackers to exploit sensitive functionalities without proper authentication, posing significant risks to data integrity and user privacy.

Affected Version(s)

MP3 Audio Player for Music, Radio & Podcast by Sonaar <= 4.10

References

https://patchstack.com/database/wordpress/plugin/mp3-musi...
vdb-entry

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Abdi Pranata (Patchstack Alliance)
.
CVE-2023-47822 : WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin <= 4.10 - Broken Access Control vulnerability