CVE-2025-13999
- EPSS 0.1%
- Veröffentlicht 19.12.2025 06:48:23
- Zuletzt bearbeitet 19.12.2025 18:00:18
The HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions from 2.4.0 up to, and including, 2.5.1 via the getIcyMetadata() function. This makes it possib...
CVE-2025-39524
- EPSS 0.14%
- Veröffentlicht 16.04.2025 12:45:49
- Zuletzt bearbeitet 16.04.2025 13:25:37
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in bPlugins Html5 Audio Player allows Stored XSS. This issue affects Html5 Audio Player: from n/a through 2.2.28.
CVE-2024-37445
- EPSS 0.14%
- Veröffentlicht 22.07.2024 09:15:10
- Zuletzt bearbeitet 21.11.2024 09:23:51
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in bPlugins Html5 Audio Player allows Stored XSS.This issue affects Html5 Audio Player: from n/a through 2.2.23.
CVE-2023-0170
- EPSS 0.2%
- Veröffentlicht 06.02.2023 20:15:13
- Zuletzt bearbeitet 25.03.2025 18:15:30
The Html5 Audio Player WordPress plugin before 2.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above t...
CVE-2021-24412
- EPSS 0.18%
- Veröffentlicht 18.10.2021 14:15:08
- Zuletzt bearbeitet 21.11.2024 05:53:01
The Html5 Audio Player – Audio Player for WordPress plugin before 2.1.3 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be trigge...