MP3 Audio Player for Music, Radio & Podcast by Sonaar < 5.1.1 – Missing Authorization | CVE 2024-30487 | Plugin Vulnerabilities

Description

The MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 5.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.

Affects Plugins

mp3-music-player-by-sonaar

Fixed in 5.1.1

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/5e722b30-f136-4f57-a248-cf9cdd499552

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Steven Julian

Verified

No

WPVDB ID

812a6432-8894-44b6-8868-0f6e1d89f813

Timeline

Publicly Published

2024-03-28 (about 2 years ago)

Added

2024-04-03 (about 2 years ago)

Last Updated

2024-04-03 (about 2 years ago)

Other

Published

Title

Published

2025-01-07

Title

WP Delete Post Copies < 6.0 - Missing Authorization

Published

2024-06-06

Title

WooCommerce Dropshipping <= 5.1.2 - Unauthenticated Arbitrary Email Send

Published

2023-06-15

Title

CHP Ads Block Detector < 3.9.8 - Subscriber+ Plugin Settings Update

Published

2025-12-29

Title

WpStream < 4.9.6 - Missing Authorization

Published

2025-10-23

Title

Quickcreator – AI Blog Writer 0.0.9 - 0.1.17 - Unauthenticated API Key Exposure