On August 4th, 2024, we received a submission for an Arbitrary File Deletion vulnerability in MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar, a WordPress plugin with over 20,000 active installations. This vulnerability can be leveraged by attackers to delete critical files like wp-config.php which can lead to remote code execution by authenticated attackers with minimal permissions such as subscribers.
The post Critical Arbitrary File Deletion Vulnerability in MP3 Audio Player WordPress Plugin Affects Over 20,000 Sites appeared first on Wordfence.
This article has been indexed from Blog – Wordfence