2026-02-19 09:26:36
Wordfence
PUBLISHED
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 4.0 to 5.10 via the load_track_note_ajax due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view the contents of private posts.