Description
The SoundRise Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ironMusic_ajax() function in all versions up to, and including, 1.6.11. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
Published: 2025-03-14
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

The plugin's ironMusic_ajax() function lacks a capability check, allowing authenticated users with subscriber-level access or higher to modify arbitrary WordPress options. By changing settings such as the default registration role to administrator and enabling user registration, an attacker can create a new administrator account and thereby gain full site control. The flaw is a classic missing authorization issue, categorized as CWE-862.

Affected Systems

The vulnerability affects the SoundRise Music WordPress theme sold by IronTemplates. All releases up to version 1.6.11 are susceptible; the advisory title lists affected versions as "<= 1.7", while the description limits the affected range to 1.6.11, so any site running 1.6.11 or earlier must be considered at risk.

Risk and Exploitability

The CVSS score of 8.8 marks this flaw as high severity, yet the EPSS score indicates an exploitation probability of less than 1%, and it is not listed in the CISA KEV catalog. Attackers must first authenticate as a user with at least subscriber-level privileges, after which they can exploit the missing authorization check to elevate privileges. Because the flaw can only be exploited by authenticated users, the attack originates from within the site's own user base rather than from anonymous visitors.

Generated by OpenCVE AI on April 20, 2026 at 23:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update SoundRise Music to the latest patched release (1.7 or later).
  • Verify that the default registration role is set to a non-administrator role and disable new user registration if not needed.
  • Implement additional role and capability reviews, ensuring that subscriber-level users cannot modify site options via the plugin's AJAX endpoint.
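The two checks the advisory says are missing, shown on the defending side. This is an added example, not code from the SoundRise Music theme or from IronTemplates: the handler name, the AJAX action name, the nonce action and the option names are assumptions chosen for illustration. It pairs the hardened handler with a small audit helper for the second recommended action (default role and open registration).

```php
<?php
// Added example (not the SoundRise Music theme's own code). Shows what a
// WordPress admin-ajax handler that writes options must do: verify a nonce,
// verify a capability, and restrict which options it will touch. Handler
// name, action name and option names are assumptions for this example.

/**
 * Defensive AJAX handler: only users with manage_options may update, and
 * only the options this feature actually owns.
 */
function example_ironmusic_save_option() {
    // 1. CSRF protection: the request must carry a nonce issued for this action.
    check_ajax_referer( 'example_ironmusic_save', 'nonce' );

    // 2. Authorization: the check CVE-2025-2103 describes as missing.
    //    A subscriber does not have manage_options, so the request stops here.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 3. Allowlist: never let the client choose the option name. Without it,
    //    any caller who passes step 2 can rewrite default_role or
    //    users_can_register just as easily as the feature's own settings.
    $allowed = array(
        'example_ironmusic_player_theme' => 'sanitize_key',
        'example_ironmusic_autoplay'     => 'rest_sanitize_boolean',
    );
    $name = isset( $_POST['option'] ) ? sanitize_key( wp_unslash( $_POST['option'] ) ) : '';
    if ( ! isset( $allowed[ $name ] ) ) {
        wp_send_json_error( array( 'message' => 'Unknown option.' ), 400 );
    }
    $value = isset( $_POST['value'] ) ? wp_unslash( $_POST['value'] ) : '';
    update_option( $name, call_user_func( $allowed[ $name ], $value ) );

    wp_send_json_success( array( 'option' => $name ) );
}
// Registered for logged-in users only; no wp_ajax_nopriv_ variant exists.
add_action( 'wp_ajax_example_ironmusic_save', 'example_ironmusic_save_option' );

/**
 * Audit helper for the second recommended action: reports the two settings
 * the advisory says an attacker would flip, and whether they are in the
 * recommended state (registration closed, default role not administrator).
 * Run from WP-CLI with:
 *   wp eval 'print_r( example_ironmusic_audit_registration() );'
 */
function example_ironmusic_audit_registration() {
    $can_register = (bool) get_option( 'users_can_register' );
    $default_role = get_option( 'default_role' );
    return array(
        'users_can_register' => $can_register,
        'default_role'       => $default_role,
        'safe'               => ( ! $can_register ) && ( 'administrator' !== $default_role ),
    );
}
```

The order of the checks matters only for error reporting; what matters for the vulnerability class is that the capability check exists at all and that the option name is not attacker-controlled. `check_ajax_referer()` alone does not authorize anything, since a subscriber can obtain a valid nonce from any page that enqueues it.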

Advisories

Source: EUVD
ID: EUVD-2025-6443
Title: The SoundRise Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ironMusic_ajax() function in all versions up to, and including, 1.6.11. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.

History

Mon, 14 Jul 2025 13:45:00 +0000

Type: Metrics (epss)
Values Removed: {'score': 0.00054}
Values Added: {'score': 0.00074}

Fri, 21 Mar 2025 15:30:00 +0000

Type: First Time appeared
Values Added: Irontemplates; Irontemplates soundrise

Type: CPEs
Values Added: cpe:2.3:a:irontemplates:soundrise:*:*:*:*:*:wordpress:*:*

Type: Vendors & Products
Values Added: Irontemplates; Irontemplates soundrise

Fri, 14 Mar 2025 15:15:00 +0000

Type: Metrics (ssvc)
Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 14 Mar 2025 05:30:00 +0000

Type: Description
Values Added: The SoundRise Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ironMusic_ajax() function in all versions up to, and including, 1.6.11. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.

Type: Title
Values Added: SoundRise Music <= 1.7 - Authenticated (Subscriber+) Arbitrary Options Update

Type: Weaknesses
Values Added: CWE-862

Type: References

Type: Metrics (cvssV3_1)
Values Added: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:30:40.056Z

Reserved: 2025-03-07T18:51:02.725Z

Link: CVE-2025-2103

Vulnrichment

Updated: 2025-03-14T15:08:47.470Z

NVD

Status: Analyzed

Published: 2025-03-14T06:15:25.057

Modified: 2025-03-21T15:06:58.433

Link: CVE-2025-2103

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-20T23:45:21Z

Weaknesses