Sonaar MP3 Audio Player – Music Player, Podcast Player & Radio
Moderate fix1 remedy
cpe:2.3:a:sonaar:mp3_audio_player_for_music,_radio_&_podcast:*:*:*:*:wordpress:*:*
Moderate fix1 remedy
- >= 5.3, <= 5.10
MP3 Audio Player by Sonaar WordPress Plugin Server-Side Request Forgery Vulnerability
Vulnerability
Patched
A Server-Side Request Forgery (SSRF) vulnerability has been identified in the MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress, affecting versions 5.3 to 5.10. The vulnerability arises in the 'load_lyrics_ajax_callback' function, where authenticated attackers with author-level access can send web requests to arbitrary locations. This could be exploited to query and modify information from internal services.
Impact
Exploitation of this vulnerability allows authenticated attackers to make requests to internal services, potentially leading to unauthorized information access or modification.
Remediation
Users are advised to update the plugin to version 5.11 or a newer patched version.
Added: Feb 14, 2026, 9:25 AM
Updated: Feb 14, 2026, 9:25 AM
Vulnerability Rating
Custom Algorithm
spread
1.0impact
1.9exploitability
5.5remediation
7.7relevance
3.0threat
3.2urgency
2.9incentive
0.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.