MEDIUM
Sonaar
CVE published 2026-06-08
CVE-2023-54351
CVE-2023-54351 is a stored cross-site scripting (XSS) vulnerability in the WordPress Sonaar Music Plugin version 4.7. The vulnerability allows unauthenticated attackers to inject malicious scripts through the comment functionality. Attackers can submit JavaScript payloads in the comment parameter to wp-comments-post.php, which are stored and executed in the browsers of users viewing the affected playlist [truncated]