WordPress Plugin Vulnerabilities
MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar 4.0 - 5.10 - Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure
Description
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 4.0 to 5.10 via the 'load_track_note_ajax' due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view the contents of private posts.
Affects Plugins
References
Classification
Type
IDOR
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
kr0d
Verified
No
WPVDB ID
Timeline
Publicly Published
2026-02-18 (about 4 months ago)
Added
2026-02-18 (about 4 months ago)
Last Updated
2026-02-19 (about 4 months ago)