Unauthorized Arbitrary File Deletion Vulnerability in Sonaar's MP3 Audio Player
CVE-2024-7856

8.1HIGH

Key Information:

Vendor: Wordpress
Status: Mp3 Audio Player – Music Player, Podcast Player & Radio By Sonaar
Vendor: CVE Published:; 29 August 2024

Summary

The MP3 Audio Player – Music Player, Podcast Player & Radio plugin by Sonaar for WordPress is susceptible to a vulnerability that permits unauthorized deletion of files. This issue arises from the absence of a proper capability check in the removeTempFiles() function and inadequate path validation for the 'file' parameter across all versions up to and including 5.7.0.1. As a result, authenticated users with a subscriber-level role or higher can exploit this vulnerability to delete critical files, including wp-config.php, potentially leading to remote code execution scenarios.

Affected Version(s)

MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar * <= 5.7.0.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/mp3-music-play...

https://plugins.trac.wordpress.org/changeset/3142445/mp3-...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 29, 2024
Vulnerability Reserved
Aug 15, 2024

Credit

Arkadiusz Hydzik