{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/audioigniter-plugin-for-wordpress--2.0.2/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["AudioIgniter plugin for WordPress \u003c= 2.0.2"],"_cs_severities":["medium"],"_cs_tags":["idor","wordpress","plugin","cve-2026-8679","vulnerability"],"_cs_type":"advisory","_cs_vendors":["WordPress"],"content_html":"\u003cp\u003eThe AudioIgniter plugin for WordPress, in versions up to and including 2.0.2, suffers from an Insecure Direct Object Reference (IDOR) vulnerability identified as CVE-2026-8679. This flaw resides within the \u003ccode\u003ehandle_playlist_endpoint()\u003c/code\u003e function, which is hooked to \u003ccode\u003etemplate_redirect\u003c/code\u003e. The function accepts a user-controlled playlist ID either through the \u003ccode\u003eaudioigniter_playlist_id\u003c/code\u003e query variable or via the \u003ccode\u003e/audioigniter/playlist/{id}/\u003c/code\u003e rewrite rule. The vulnerability stems from the lack of authentication, capability, or post status checks within this function, only validating the post type. Consequently, unauthenticated attackers can retrieve sensitive track metadata, including titles, artists, audio URLs, buy links, download URLs, and cover images, for any playlist on the site, even those marked as draft, private, pending, or trashed.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies a WordPress site using the AudioIgniter plugin (\u0026lt;= 2.0.2).\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious URL targeting the \u003ccode\u003e/audioigniter/playlist/{id}/\u003c/code\u003e endpoint or by providing the \u003ccode\u003eaudioigniter_playlist_id\u003c/code\u003e query parameter.\u003c/li\u003e\n\u003cli\u003eThe attacker guesses or discovers the ID of a playlist on the targeted WordPress site. This could be achieved through brute-force or by examining publicly accessible playlist pages.\u003c/li\u003e\n\u003cli\u003eThe attacker sends an HTTP GET request to the crafted URL, including the targeted playlist ID.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ehandle_playlist_endpoint()\u003c/code\u003e function processes the request without proper authorization checks.\u003c/li\u003e\n\u003cli\u003eThe function retrieves track metadata associated with the specified playlist ID from the WordPress database.\u003c/li\u003e\n\u003cli\u003eThe metadata, including titles, artists, audio URLs, buy links, download URLs, and cover images, is returned to the attacker in the HTTP response.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to sensitive playlist information, even for playlists that should be restricted.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-8679 allows unauthenticated attackers to access sensitive track metadata associated with any playlist on the vulnerable WordPress site. This includes information about draft, private, or trashed playlists that should not be publicly accessible. The exposure of audio URLs and download URLs could lead to unauthorized access and distribution of copyrighted content. The CVSS v3.1 base score for this vulnerability is 7.5, indicating a high severity. The number of affected sites is dependent on the adoption rate of the vulnerable AudioIgniter plugin version.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect AudioIgniter Playlist IDOR Attempt via URL\u003c/code\u003e to identify suspicious requests to the \u003ccode\u003e/audioigniter/playlist/{id}/\u003c/code\u003e endpoint (see \u0026ldquo;rules\u0026rdquo; section).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect AudioIgniter Playlist IDOR Attempt via Query Parameter\u003c/code\u003e to identify suspicious requests using the \u003ccode\u003eaudioigniter_playlist_id\u003c/code\u003e query parameter (see \u0026ldquo;rules\u0026rdquo; section).\u003c/li\u003e\n\u003cli\u003eUpgrade the AudioIgniter plugin to a version greater than 2.0.2 to patch CVE-2026-8679.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for requests to the \u003ccode\u003e/audioigniter/playlist/{id}/\u003c/code\u003e endpoint or using the \u003ccode\u003eaudioigniter_playlist_id\u003c/code\u003e query parameter with unusual playlist IDs (see \u0026ldquo;references\u0026rdquo; section for URL).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-22T09:18:13Z","date_published":"2026-05-22T09:18:13Z","id":"https://feed.craftedsignal.io/briefs/2026-05-audioigniter-idor/","summary":"The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference (CVE-2026-8679) in versions up to 2.0.2, allowing unauthenticated attackers to view track metadata of any playlist, regardless of its status.","title":"AudioIgniter WordPress Plugin Vulnerable to Insecure Direct Object Reference (CVE-2026-8679)","url":"https://feed.craftedsignal.io/briefs/2026-05-audioigniter-idor/"}],"language":"en","title":"CraftedSignal Threat Feed — AudioIgniter Plugin for WordPress \u003c= 2.0.2","version":"https://jsonfeed.org/version/1.1"}