PT-2026-8097 · WordPress+1 · Wordpress+1
Kenneth Dunn
·
Publicado
2026-02-14
·
Atualizado
2026-02-14
·
CVE-2026-1249
CVSS v3.1
5.0
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar versions 5.3 through 5.10
Description
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress has a Server-Side Request Forgery issue. Attackers with author-level access or higher can make web requests to arbitrary locations from the web application. This can be used to query and modify information from internal services via the
load lyrics ajax callback function.Recommendations
Update MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar to a version later than 5.10.
Correção
SSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Mp3 Audio Player – Music Player
Wordpress