
CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Missing Authorization vulnerability in SoftLab Radio Player. This issue affects Radio Player: from n/a through 2.0.73. The Radio Player plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on the render_player function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to render arbitrary radio players.
• https://patchstack.com/database/vulnerability/radio-player/wordpress-radio-player-plugin-2-0-73-broken-access-control-vulnerability?_s_id=cve
• CWE-862: Missing Authorization

CVSS: 7.2 | EPSS: 0% | CPEs: 1 | EXPL: 0

Server-Side Request Forgery (SSRF) vulnerability in SoftLab Radio Player. This issue affects Radio Player: from n/a through 2.0.73. The Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application, which can be used to query and modify information from internal services.
• https://patchstack.com/database/vulnerability/radio-player/wordpress-radio-player-plugin-2-0-73-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
• CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SoftLab Radio Player. This issue affects Radio Player: from n/a through 2.0.73. The Radio Player plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.0.73. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive information.
• https://patchstack.com/database/vulnerability/radio-player/wordpress-radio-player-plugin-2-0-73-sensitive-data-exposure-vulnerability?_s_id=cve
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoftLab Radio Player allows Stored XSS. This issue affects Radio Player: from n/a through 2.0.73. The Radio Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.73 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
• https://patchstack.com/database/vulnerability/radio-player/wordpress-radio-player-plugin-2-0-73-cross-site-scripting-xss-vulnerability?_s_id=cve
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Missing Authorization vulnerability in SoftLab Radio Player. This issue affects Radio Player: from n/a through 2.0.73. The Radio Player plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_players' function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to retrieve a list of radio players.
• https://patchstack.com/database/vulnerability/radio-player/wordpress-radio-player-plugin-2-0-73-unauthenticated-broken-access-control-vulnerability?_s_id=cve
• CWE-862: Missing Authorization