{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-22T10:44:46.319","vulnerabilities":[{"cve":{"id":"CVE-2026-1249","sourceIdentifier":"security@wordfence.com","published":"2026-02-14T09:16:11.850","lastModified":"2026-06-17T10:15:23.737","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Server-Side Request Forgery in versions 5.3 to 5.10 via the 'load_lyrics_ajax_callback' function. This makes it possible for authenticated attackers, with author level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."},{"lang":"es","value":"El plugin MP3 Audio Player – Music Player, Podcast Player & Radio de Sonaar para WordPress es vulnerable a falsificación de petición del lado del servidor en las versiones 5.3 a la 5.10 a través de la función 'load_lyrics_ajax_callback'. Esto permite a atacantes autenticados, con acceso de nivel de autor y superior, realizar peticiones web a ubicaciones arbitrarias originadas desde la aplicación web y puede utilizarse para consultar y modificar información de servicios internos."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"sonaar","product":"MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar","defaultStatus":"unaffected","versions":[{"version":"5.3","lessThanOrEqual":"5.10","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-02-17T15:36:27.482548Z","id":"CVE-2026-1249","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset/3453076/mp3-music-player-by-sonaar/trunk/sonaar-music.php","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/261aad1e-43fc-4927-a97d-85a001863023?source=cve","source":"security@wordfence.com"}]}}]}