CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 2CVE-2024-54385 – WordPress Radio Player plugin <= 2.0.82 - Server Side Request Forgery (SSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-54385
12 Dec 2024 — Server-Side Request Forgery (SSRF) vulnerability in SoftLab Radio Player allows Server Side Request Forgery.This issue affects Radio Player: from n/a through 2.0.82. The Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.82. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application which can be us... • https://packetstorm.news/files/id/183337 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34753 – WordPress Radio Player plugin <= 2.0.73 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-34753
14 May 2024 — Missing Authorization vulnerability in SoftLab Radio Player.This issue affects Radio Player: from n/a through 2.0.73. Vulnerabilidad de falta de autorización en SoftLab Radio Player. Este problema afecta a Radio Player: desde n/a hasta 2.0.73. The Radio Player plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on the render_player function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to render arbitra... • https://patchstack.com/database/vulnerability/radio-player/wordpress-radio-player-plugin-2-0-73-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33592 – WordPress Radio Player plugin <= 2.0.73 - Server Side Request Forgery (SSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-33592
25 Apr 2024 — Server-Side Request Forgery (SSRF) vulnerability in SoftLab Radio Player.This issue affects Radio Player: from n/a through 2.0.73. Vulnerabilidad de Server-Side Request Forgery (SSRF) en SoftLab Radio Player. Este problema afecta a Radio Player: desde n/a hasta 2.0.73. The Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.73. This makes it possible for unauthenticated at... • https://patchstack.com/database/vulnerability/radio-player/wordpress-radio-player-plugin-2-0-73-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32506 – WordPress Radio Player plugin <= 2.0.73 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-32506
15 Apr 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SoftLab Radio Player.This issue affects Radio Player: from n/a through 2.0.73. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en SoftLab Radio Player. Este problema afecta a Radio Player: desde n/a hasta 2.0.73. The Radio Player plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.0.73. This makes it possi... • https://patchstack.com/database/vulnerability/radio-player/wordpress-radio-player-plugin-2-0-73-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29811 – WordPress Radio Player plugin <= 2.0.73 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-29811
27 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoftLab Radio Player allows Stored XSS.This issue affects Radio Player: from n/a through 2.0.73. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en SoftLab Radio Player permite XSS almacenado. Este problema afecta a Radio Player: desde n/a hasta 2.0.73. The Radio Player plugin for WordPress is vulnerable to Stored Cross-Site Scriptin... • https://patchstack.com/database/vulnerability/radio-player/wordpress-radio-player-plugin-2-0-73-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2906 – WordPress Radio Player plugin <= 2.0.73 - Unauthenticated Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-2906
26 Mar 2024 — Missing Authorization vulnerability in SoftLab Radio Player.This issue affects Radio Player: from n/a through 2.0.73. Vulnerabilidad de falta de autorización en SoftLab Radio Player. Este problema afecta a Radio Player: desde n/a hasta 2.0.73. The Radio Player plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_players' function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to retrieve a list of radi... • https://patchstack.com/database/vulnerability/radio-player/wordpress-radio-player-plugin-2-0-73-unauthenticated-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •