CVE-2021-24624

CVE-2021-24624: MP3 Audio Player for Music, Radio & Podcast by Sonaar < 2.4.2 - Multiple Admin+ Cross Site Scripting

Vendor Unknown
Product MP3 Audio Player for Music, Radio & Podcast by Sonaar
Weakness CWE-79 · XSS
Published November 1, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The MP3 Audio Player for Music, Radio & Podcast by Sonaar WordPress plugin before 2.4.2 does not properly sanitize or escape data in some of its Playlist settings, allowing high privilege users to perform Cross-Site Scripting attacks

Key dates

02Disclosure timeline

November 1, 2021 CVE published
August 3, 2024 Record updated