WordPress Plugin Vulnerabilities

MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar 4.0 - 5.10 - Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure

Description

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 4.0 to 5.10 via the 'load_track_note_ajax' due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view the contents of private posts.

Affects Plugins

References

Classification

Type
IDOR
CWE

Miscellaneous

Original Researcher
kr0d
Verified
No

Timeline

Publicly Published
2026-02-18 (about 4 months ago)
Added
2026-02-18 (about 4 months ago)
Last Updated
2026-02-19 (about 4 months ago)

Other