PT-2026-20776 · Sonaar+1 · Mp3 Audio Player – Music Player+1

Kenneth Dunn

·

Publicado

2026-02-19

·

Atualizado

2026-02-19

·

CVE-2026-1219

CVSS v3.1

5.3

Média

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar versions 4.0 through 5.10
Description The MP3 Audio Player plugin for WordPress has an issue related to Insecure Direct Object Reference. This occurs due to a lack of validation on a user-controlled key within the load track note ajax function. This allows unauthenticated attackers to view the contents of private posts.
Recommendations Update the MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin to a version newer than 5.10.

Correção

IDOR

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-639

Identificadores relacionados

CVE-2026-1219

Produtos afetados

Mp3 Audio Player – Music Player
Wordpress