CVE-2023-54351

WordPress Sonaar Music Plugin 4.7 Stored XSS via Comments

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79

WordPress Sonaar Music Plugin 4.7 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the comment functionality. Attackers can submit JavaScript payloads in the comment parameter to wp-comments-post.php which are stored and executed in the browsers of users viewing the affected playlist pages.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Affected products

Sonaar · Sonaar Music Plugin

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/51739unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.exploit-db.com/exploits/51739 https://www.vulncheck.com/advisories/wordpress-sonaar-music-plugin-stored-xss-via-comments