PT-2026-8097 · WordPress+1 · Wordpress+1
Kenneth Dunn
·
Published
2026-02-14
·
Updated
2026-02-14
·
CVE-2026-1249
CVSS v3.1
5.0
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar versions 5.3 through 5.10
Description
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress has a Server-Side Request Forgery issue. Attackers with author-level access or higher can make web requests to arbitrary locations from the web application. This can be used to query and modify information from internal services via the
load lyrics ajax callback function.Recommendations
Update MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar to a version later than 5.10.
Fix
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mp3 Audio Player – Music Player
Wordpress