CVE-2026-1249 | MP3 Audio Player Plugin up to 5.3/5.10 on WordPress load_lyrics_ajax_callback server-side request forgery

Inserito da Angelo Barbosa | Feb 13, 2026 | CVE

A vulnerability identified as critical has been detected in MP3 Audio Player Plugin up to 5.3/5.10 on WordPress. This affects the function load_lyrics_ajax_callback. This manipulation causes server-side request forgery.

This vulnerability is handled as CVE-2026-1249. The attack can be initiated remotely. There is not any exploit available.

CVE-2026-1249 | MP3 Audio Player Plugin up to 5.3/5.10 on WordPress load_lyrics_ajax_callback server-side request forgery

Post correlati

CVE-2024-2318 | ZKTeco ZKBio Media 2.0.0_x64_2024-01-29-1028 Service Port 9999 /pro/common/download fileName path traversal

CVE-2024-36573 | almela obx up to 0.0.3 obx/build/index.js prototype pollution

CVE-2024-49327 | Asep Bagja Priandana Woostagram Connect Plugin up to 1.0.2 on WordPress unrestricted upload

CVE-2024-6929 | Dynamic Featured Image Plugin up to 3.7.0 on WordPress dfiFeatured cross site scripting