Cross-Site Request Forgery Vulnerability in Wayne Audio Player
CVE-2024-56203

8.8HIGH

Key Information:

Vendor: WordPress
Status: Wayne Audio Player
Vendor: CVE Published:; 31 December 2024

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Wayne Audio Player, developed by George Holmes II. This flaw permits attackers to perform unauthorized actions on behalf of an authenticated user, potentially leading to privilege escalation. The issue impacts all versions of Wayne Audio Player from n/a through version 1.0, posing a significant risk to users relying on this audio playback solution. It is crucial for users to implement proper security measures to mitigate the risk associated with this vulnerability.

Affected Version(s)

Wayne Audio Player <= 1.0

References

https://patchstack.com/database/wordpress/plugin/wayne-au...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 31, 2024
Vulnerability Reserved
Dec 18, 2024

Credit

Mika (Patchstack Alliance)