CVE-2024-10176

Published
View on NVD ↗
CVSS v3
6.4
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT

Description

The Compact WP Audio Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sc_embed_player shortcode in all versions up to, and including, 1.9.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Compact WP Audio Player
Compact WP Audio Player
<p>Compact WordPress Audio Player plugin is an HTML5 + Flash hybrid based wordpress plugin which can be used to embed an mp3 audio file on your WordPress post or page using a shortcode. The audio player is cute and compact and will play on all major browsers.</p> <p>This audio player plugin Supports .mp3 and .ogg file formats.</p> <p>The audio files that you embed using this plugin will work on all devices.</p> <h4>Features</h4> <ul> <li>The audio player is compact so it does not take a lot of real estate on your webpage</li> <li>HTML5 compatible so the audio files embedded with this plugin will play on iOS devices</li> <li>Works on all major browsers &#8211; IE7, IE8, IE9, Safari, Firefox, Chrome</li> <li>The audio player is responsive.</li> <li>If you do podcasting then this audio player can be used to embed the audio files on your WordPress posts or pages</li> <li>If you are selling audio files from your site then you can use this plugin to offer a preview</li> <li>Add the audio player to any post/page using shortcode</li> <li>Use autoplay option to play an audio/mp3 file as soon as the page loads</li> <li>Ability to specify both the mp3 and ogg version of your audio files. The plugin will play the appropriate one based on the device. </li> </ul> <p><span class="embed-youtube" style="text-align:center; display: block;"><iframe loading="lazy" class="youtube-player" width="750" height="422" src="https://www.youtube.com/embed/4eBIPqfZiss?version=3&#038;rel=1&#038;showsearch=0&#038;showinfo=1&#038;iv_load_policy=1&#038;fs=1&#038;hl=en-US&#038;autohide=2&#038;wmode=transparent" allowfullscreen="true" style="border:0;" sandbox="allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox"></iframe></span></p> <p>More details can be found on the <a href="https://www.tipsandtricks-hq.com/wordpress-audio-music-player-plugin-4556" rel="nofollow ugc">Compact Audio Player Plugin Page</a></p> <h3>Usage</h3> <p>Use the following shortcode to embed an audio file anywhere on your site</p> <p>[sc_embed_player fileurl=&#8221;URL OF THE MP3 FILE&#8221;]</p> <p>Example shortcode:</p> <p>[sc_embed_player fileurl=&#8221;http://www.example.com/wp-content/uploads/my-music/mysong.mp3&#8243;]</p>
WordPress Plugin DirectoryWordPress Plugin Directory
666K