Missing Authorization Vulnerability Affects Sonaar's MP3 Audio Player
CVE-2024-30487

7.6HIGH

Key Information:

Vendor: WordPress
Status: Mp3 Audio Player For Music, Radio & Podcast By Sonaar
Vendor: CVE Published:; 29 March 2024

What is CVE-2024-30487?

The MP3 Audio Player for Music, Radio & Podcast by Sonaar is affected by a missing authorization vulnerability. This issue allows unauthorized access to certain functions, potentially enabling attackers to manipulate audio files and settings without appropriate permissions. The vulnerability covers all versions of the MP3 Audio Player up to and including 5.1, highlighting the importance of implementing robust access controls to safeguard sensitive user data and functionality.

Affected Version(s)

MP3 Audio Player for Music, Radio & Podcast by Sonaar <= 5.1

References

https://patchstack.com/database/vulnerability/mp3-music-p...

vdb-entry

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 29, 2024
Vulnerability Reserved
Mar 27, 2024

Credit

Steven Julian (Patchstack Alliance)