Music Request Manager

music_request_manager

Vendor: Scriptonite • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-6019 1Scriptonite 1Music Request Manager Jun 17, 2026 Sep 12, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The Music Request Manager WordPress plugin through 1.3 does not sanitise and escape incoming music requests, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators
CVE-2024-6018 1Scriptonite 1Music Request Manager Jun 17, 2026 Sep 12, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The Music Request Manager WordPress plugin through 1.3 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browse...Show more The Music Request Manager WordPress plugin through 1.3 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsersShow less
CVE-2024-6017 1Scriptonite 1Music Request Manager Jun 17, 2026 Sep 12, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The Music Request Manager WordPress plugin through 1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads...Show more The Music Request Manager WordPress plugin through 1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attackShow less