CVE-2023-54351
Severity CVSS v4.0:
MEDIUM
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
08/06/2026
Last modified:
08/06/2026
Description
WordPress Sonaar Music Plugin 4.7 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the comment functionality. Attackers can submit JavaScript payloads in the comment parameter to wp-comments-post.php which are stored and executed in the browsers of users viewing the affected playlist pages.
Impact
Base Score 4.0
5.10
Severity 4.0
MEDIUM
Base Score 3.x
7.20
Severity 3.x
HIGH



