CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30542 – WordPress WP SoundCloud Ultimate plugin <= 1.5 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2025-30542
24 Mar 2025 — Cross-Site Request Forgery (CSRF) vulnerability in wpsolutions SoundCloud Ultimate allows Cross Site Request Forgery. This issue affects SoundCloud Ultimate: from n/a through 1.5. The SoundCloud Ultimate Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action granted they can trick a site administ... • https://patchstack.com/database/wordpress/plugin/soundcloud-ultimate/vulnerability/wordpress-wp-soundcloud-ultimate-plugin-1-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-57062
https://notcve.org/view.php?id=CVE-2024-57062
13 Mar 2025 — An issue in SoundCloud IOS application v.7.65.2 allows a local attacker to escalate privileges and obtain sensitive information via the session handling component. • http://soundcloud.com • CWE-269: Improper Privilege Management •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25936 – WordPress SoundCloud Shortcode plugin <= 4.0.1 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-25936
26 Feb 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoundCloud Inc., Lawrie Malen SoundCloud Shortcode allows Stored XSS.This issue affects SoundCloud Shortcode: from n/a through 4.0.1. Neutralización inadecuada de la entrada durante la vulnerabilidad de generación de páginas web ('Cross-site Scripting') en SoundCloud Inc., Lawrie Malen SoundCloud Shortcode permite almacenar XSS. Este problema afecta a SoundCloud Shortcode: desde n/a hasta 4.0.1. The SoundCl... • https://patchstack.com/database/vulnerability/soundcloud-shortcode/wordpress-soundcloud-shortcode-plugin-4-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-34018 – WordPress SoundCloud Shortcode Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-34018
27 Nov 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoundCloud Inc. SoundCloud Shortcode allows Stored XSS.This issue affects SoundCloud Shortcode: from n/a through 3.1.0. Neutralización inadecuada de la entrada durante la vulnerabilidad de generación de páginas web ('Cross-site Scripting') en SoundCloud Inc. SoundCloud Shortcode permite almacenar XSS. Este problema afecta a SoundCloud Shortcode: desde n/a hasta 3.1.0. • https://patchstack.com/database/vulnerability/soundcloud-shortcode/wordpress-soundcloud-shortcode-plugin-3-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32586 – WordPress SoundCloud Is Gold plugin <= 2.5.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-32586
11 May 2023 — Missing Authorization vulnerability in Thomas Michalak Soundcloud Is Gold allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Soundcloud Is Gold: from n/a through 2.5.1. The Soundcloud Is Gold plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the soundcloud_is_gold_add_user() function called via an AJAX action in versions up to, and including, 2.5.1. This makes it possible for authenticated attackers, with subs... • https://patchstack.com/database/wordpress/plugin/soundcloud-is-gold/vulnerability/wordpress-soundcloud-is-gold-plugin-2-5-1-broken-access-control?_s_id=cve • CWE-862: Missing Authorization •