Compact WP Audio Player <= 1.9.6 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability

Unauthenticated

Published
2021-09-14

The Compact WP Audio Player WordPress plugin before 1.9.7 does not implement nonce checks, which could allow attackers to make a logged in admin change the "Disable Simultaneous Play" setting via a CSRF attack.

CVE

https://www.cve.org/CVERecord?id=CVE-2021-24735

CVSS

Score:5.4

Severity:Medium

Version: 1.9.6

There is a patch available in v1.9.7 and we strongly recommend you update to this version as soon as possible.