CVE Catalog

CVE-2023-54351

HighCVSS 7.2
Published: Updated: Translated: NVD NIST

Summary

The Sonaar Music plugin for WordPress version 4.7 contains a stored XSS vulnerability that allows unauthenticated attackers to inject malicious scripts through the comment functionality. Attackers can submit JavaScript payloads in the comment parameter to wp-comments-post.php, which are stored and executed in the browsers of users viewing the affected playlist pages.

Risk Assessment

This vulnerability poses a risk of executing malicious code in users' browsers, potentially leading to data theft or session hijacking. Organizations using this plugin should be aware of the potential security threats to their users.

Recommendation

It is recommended to update the Sonaar Music plugin to the latest version to mitigate this vulnerability. Additionally, consider implementing filters and protections for comments to minimize the risk of XSS attacks.

Original NVD description (English source)

WordPress Sonaar Music Plugin 4.7 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the comment functionality. Attackers can submit JavaScript payloads in the comment parameter to wp-comments-post.php which are stored and executed in the browsers of users viewing the affected playlist pages.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS