CVE-2026-1249
SSRF Vulnerability in Sonaar MP3 Audio Player Plugin
Publication date: 2026-02-14
Last updated on: 2026-02-14
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sonaar | mp3_audio_player | From 5.3 (inc) to 5.10 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the MP3 Audio Player β Music Player, Podcast Player & Radio by Sonaar WordPress plugin is a Server-Side Request Forgery (SSRF) issue affecting versions 5.3 to 5.10. It occurs via the 'load_lyrics_ajax_callback' function, allowing authenticated users with author-level access or higher to make web requests from the web application to arbitrary locations. This can be exploited to query and modify information from internal services that are otherwise not accessible.
How can this vulnerability impact me? :
This SSRF vulnerability can allow attackers with author-level access to make unauthorized web requests from the vulnerable WordPress site to internal or external systems. This can lead to unauthorized querying or modification of internal service information, potentially exposing sensitive data or enabling further attacks within the internal network.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': "This vulnerability involves the 'load_lyrics_ajax_callback' function in the Sonaar MP3 Audio Player WordPress plugin versions 5.3 to 5.10, which allows authenticated users with author-level access or higher to perform server-side request forgery (SSRF). Detection can focus on monitoring AJAX requests to the plugin's endpoints, especially those invoking 'load_lyrics_ajax_callback'."}, {'type': 'paragraph', 'content': 'You can detect attempts by inspecting web server logs or using network monitoring tools to identify unusual or unauthorized AJAX requests originating from authenticated users with author or higher privileges.'}, {'type': 'paragraph', 'content': 'Suggested commands include searching web server logs for AJAX calls related to the plugin, for example:'}, {'type': 'list_item', 'content': "grep 'admin-ajax.php' /var/log/apache2/access.log | grep 'load_lyrics_ajax_callback'"}, {'type': 'list_item', 'content': "grep 'wp-admin/admin-ajax.php' /var/log/nginx/access.log | grep 'load_lyrics_ajax_callback'"}, {'type': 'paragraph', 'content': "Additionally, monitoring authenticated user activity with author-level or higher privileges for unusual requests to internal or external URLs via the plugin's AJAX endpoints can help detect exploitation attempts."}] [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the Sonaar MP3 Audio Player WordPress plugin to version 5.11 or later, where the vulnerability has been addressed by adding rigorous input validation, enforcing permission checks, sanitizing outputs, and improving error handling in the AJAX callbacks.
If updating immediately is not possible, restrict author-level and higher user access to trusted users only, and monitor AJAX requests to the plugin endpoints for suspicious activity.
Additionally, consider implementing web application firewall (WAF) rules to block unauthorized AJAX requests targeting the vulnerable functions.