Security Advisory

CVE-2026-1219

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-19 09:26:36

Last updated 2026-02-20 20:37:50

Assigner Wordfence

State PUBLISHED

Description

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 4.0 to 5.10 via the load_track_note_ajax due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view the contents of private posts.

← Browse all CVEs View on cve.org ↗