CVE-2024-7856

NVD Published Date: August 29, 2024 at 11:15 AM
NVD Last Modified: August 29, 2024 at 01:25 PM
Vulnerability ID: CVE-2024-7856
Severity: CRITICAL
Severity Score: 9.1

Summary: The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to unauthorized arbitrary file deletion due to a missing capability check on the removeTempFiles() function and insufficient path validation on the 'file' parameter in all versions up to, and including, 5.7.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary files which can make remote code execution possible when wp-config.php is deleted.

Mitigation and Patches: -
Exploits: -
Metasploit Payload: -
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CWE ID: CWE-862
