WordPress Plugin Vulnerabilities

MP3 Audio Player for Music, Radio & Podcast by Sonaar < 2.4.2 - Multiple Admin+ Cross Site Scripting

Description

The plugin does not properly sanitize or escape data in some of its Playlist settings, allowing high privilege users to perform Cross-Site Scripting attacks

Proof of Concept

Affects Plugins

Plugin icon
mp3-music-player-by-sonaar
Fixed in 2.4.2

References

CVE
CVE-2021-24624

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
2.7 (low)

Miscellaneous

Original Researcher
apple502j
Submitter
apple502j
Verified
Yes
WPVDB ID
d79d2f6a-257a-4c9e-b971-9837abd4211c

Timeline

Publicly Published
2021-10-04 (about 4 years ago)
Added
2021-10-04 (about 4 years ago)
Last Updated
2022-04-15 (about 3 years ago)

Other

Published
Title
Published
2021-09-21
Title
Responsive WordPress Slider <= 2.2.0 - Reflected Cross-Site Scripting
Published
2022-03-01
Title
Bulk Creator <= 1.0.1 - Reflected Cross-Site Scripting
Published
2025-11-20
Title
WP Company Info <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Published
2025-04-24
Title
External Markdown <= 0.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2018-12-18
Title
Google XML Sitemaps < 4.1.0 - Authenticated Cross-Site Scripting (XSS)