Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

sonaar — Vulnerabilities & Security Advisories 9

Browse all 9 CVE security advisories affecting sonaar. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by sonaar:MP3 Audio Player – Music Player, Podcast Player & Radio by SonaarMP3 Audio Player for Music, Radio & Podcast by Sonaar
CVE IDTitleCVSSSeverityPublished
CVE-2026-39647 WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin <= 5.11 - Server Side Request Forgery (SSRF) vulnerability — MP3 Audio Player for Music, Radio & Podcast by SonaarCWE-918 9.1AICriticalAI2026-04-08
CVE-2026-1219 MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar 4.0 - 5.10 - Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure — MP3 Audio Player – Music Player, Podcast Player & Radio by SonaarCWE-639 5.3 Medium2026-02-19
CVE-2026-1249 MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar 5.3 - 5.10 - Authenticated (Author+) Server-Side Request Forgery — MP3 Audio Player – Music Player, Podcast Player & Radio by SonaarCWE-918 5.0 Medium2026-02-14
CVE-2025-32235 WordPress MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin <= 5.9.4 - Broken Access Control vulnerability — MP3 Audio Player for Music, Radio & Podcast by SonaarCWE-862 4.3 Medium2025-04-04
CVE-2024-13157 MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar <= 5.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Podcast RSS Feed — MP3 Audio Player – Music Player, Podcast Player & Radio by SonaarCWE-79 6.4 Medium2025-01-31
CVE-2024-56266 WordPress MP3 Audio Player plugin <= 5.8 - Broken Access Control vulnerability — MP3 Audio Player for Music, Radio & Podcast by SonaarCWE-862 6.3 Medium2025-01-02
CVE-2024-10268 MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar <= 5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via sonaar_audioplayer Shortcode — MP3 Audio Player – Music Player, Podcast Player & Radio by SonaarCWE-79 6.4 Medium2024-11-19
CVE-2024-7856 MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar <= 5.7.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion — MP3 Audio Player – Music Player, Podcast Player & Radio by SonaarCWE-862 8.1 High2024-08-29
CVE-2024-5664 MP3 Audio Player for Music, Radio & Podcast by Sonaar <= 5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via sonaar_audioplayer Shortcode — MP3 Audio Player – Music Player, Podcast Player & Radio by SonaarCWE-79 6.4 Medium2024-07-10

This page lists every published CVE security advisory associated with sonaar. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.