CVE-2023-4027
Radio Player <= 2.0.73 - Missing Authorization to Settings Update
CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th
The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_settings function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to update plugin settings.
| CWE | CWE-862 |
| Vendor | princeahmed |
| Product | radio player – live shoutcast, icecast and any audio stream player |
| Published | Aug 17, 2024 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for princeahmed radio player – live shoutcast, icecast and any audio stream player
Be the first to know when new medium vulnerabilities affecting princeahmed radio player – live shoutcast, icecast and any audio stream player are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
princeahmed / Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player
0 ≤ 2.0.73
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc9f75d-f1a6-486b-b924-76ec618c5314?source=cve plugins.svn.wordpress.org: https://plugins.svn.wordpress.org/radio-player/tags/2.0.7/readme.txt plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/2942906/radio-player/trunk/includes/class-ajax.php plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/3050056/radio-player/tags/2.0.74/includes/class-ajax.php?old=2986565&old_path=radio-player%2Ftags%2F2.0.73%2Fincludes%2Fclass-ajax.php
Credits
Alex Thomas