sonaar — Vulnerabilities & Security Advisories (9)

Browse all 9 CVE security advisories affecting sonaar. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Sonaar is a digital asset management platform primarily used for organizing and distributing media content. Historically, vulnerabilities in Sonaar have included multiple remote code execution flaws, cross-site scripting (XSS) vulnerabilities, and privilege escalation issues. The platform has faced security incidents, including a 2022 vulnerability that allowed unauthorized access to user data through improper input validation. With nine CVEs recorded, Sonaar's security track record shows recurring issues in authentication mechanisms and file handling processes. The platform's exposure of sensitive data through misconfigured APIs has also been documented, highlighting ongoing challenges in secure development practices.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2026-39647 | WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin <= 5.11 - Server Side Request Forgery (SSRF) vulnerability | MP3 Audio Player for Music, Radio & Podcast by Sonaar | CWE-918 | 5.4 | Medium | 2026-04-08 |
| CVE-2026-1219 | MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar 4.0 - 5.10 - Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure | MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar | CWE-639 | 5.3 | Medium | 2026-02-19 |
| CVE-2026-1249 | MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar 5.3 - 5.10 - Authenticated (Author+) Server-Side Request Forgery | MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar | CWE-918 | 5.0 | Medium | 2026-02-14 |
| CVE-2025-32235 | WordPress MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin <= 5.9.4 - Broken Access Control vulnerability | MP3 Audio Player for Music, Radio & Podcast by Sonaar | CWE-862 | 4.3 | Medium | 2025-04-04 |
| CVE-2024-13157 | MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar <= 5.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Podcast RSS Feed | MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar | CWE-79 | 6.4 | Medium | 2025-01-31 |
| CVE-2024-56266 | WordPress MP3 Audio Player plugin <= 5.8 - Broken Access Control vulnerability | MP3 Audio Player for Music, Radio & Podcast by Sonaar | CWE-862 | 6.3 | Medium | 2025-01-02 |
| CVE-2024-10268 | MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar <= 5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via sonaar_audioplayer Shortcode | MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar | CWE-79 | 6.4 | Medium | 2024-11-19 |
| CVE-2024-7856 | MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar <= 5.7.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion | MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar | CWE-862 | 8.1 | High | 2024-08-29 |
| CVE-2024-5664 | MP3 Audio Player for Music, Radio & Podcast by Sonaar <= 5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via sonaar_audioplayer Shortcode | MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar | CWE-79 | 6.4 | Medium | 2024-07-10 |

This page lists every published CVE security advisory associated with sonaar. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.