The WordPress Sonaar Music Plugin is affected by a stored XSS vulnerability that allows unauthenticated attackers to execute malicious scripts in user browsers.

This is a stored XSS vulnerability in the comment section. Unauthenticated attackers can inject malicious scripts via the wp-comments-post.php parameter, which then execute whenever a user views the affected playlist page.

This vulnerability can be used to hijack user sessions, steal session cookies, or redirect users to malicious sites, severely damaging user trust and site security. With a CVSS score of 7.2, the risk of widespread impact on visitors is significant.

Immediate Action: Update the Sonaar Music Plugin to the latest available version which contains the security patch.

Proactive Monitoring: Monitor comment sections for suspicious script tags or anomalous activity; review security logs for repeated requests to the comment submission endpoint.

Compensating Controls: Implement a Content Security Policy (CSP) to restrict script execution and utilize a WAF to filter malicious input from comment fields.

Public Exploit Available: true

Stored XSS vulnerabilities are highly effective for large-scale attacks on site visitors. Promptly applying the plugin update is the most effective way to protect users and maintain the integrity of the site's comment system.