55 matches found
WordPress HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player plugin <= 2.2.27 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Html5 Audio Player versions = 2.2.27...
CVE-2025-13999
The HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions from 2.4.0 up to, and including, 2.5.1 via the getIcyMetadata function. This makes it possible for unauthenticated attackers to make web...
WordPress HTML5 Audio Player plugin 2.4.0-2.5.1 - Unauthenticated Server-Side Request Forgery vulnerability
Unauthenticated Server-Side Request Forgery vulnerability discovered by kr0d in WordPress Plugin Html5 Audio Player versions 2.4.0-2.5.1...
CVE-2025-13999
The HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions from 2.4.0 up to, and including, 2.5.1 via the getIcyMetadata function. This makes it possible for unauthenticated attackers to make web...
CVE-2025-13999 HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player 2.4.0 - 2.5.1 - Unauthenticated Server-Side Request Forgery
The HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions from 2.4.0 up to, and including, 2.5.1 via the getIcyMetadata function. This makes it possible for unauthenticated attackers to make web...
CVE-2025-13999
CVE-2025-13999 is active: the WordPress plugin “HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player” is affected by a Server-Side Request Forgery (SSRF) in versions 2.4.0 through 2.5.1 via getIcyMetadata(). Attackers can make the application perform web requests to arbitrary loc...
CVE-2025-13999 HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player 2.4.0 - 2.5.1 - Unauthenticated Server-Side Request Forgery
The HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions from 2.4.0 up to, and including, 2.5.1 via the getIcyMetadata function. This makes it possible for unauthenticated attackers to make web...
PT-2025-52419
Name of the Vulnerable Software and Affected Versions HTML5 Audio Player WordPress Plugin versions 2.4.0 through 2.5.1 Description The HTML5 Audio Player WordPress Plugin is susceptible to a Server-Side Request Forgery SSRF condition. This allows unauthenticated attackers to initiate web requests...
EUVD-2021-11324
Malware in sbrugna...
EUVD-2016-0807
Malware in sbrugna...
EUVD-2024-44029
Malicious code in bioql PyPI...
EUVD-2023-12259
Malicious code in bioql PyPI...
EUVD-2025-15487
Malicious code in bioql PyPI...
EUVD-2025-11332
Malicious code in bioql PyPI...
EUVD-2024-36670
Malicious code in bioql PyPI...
WordPress Responsive HTML5 Audio Player PRO With Playlist <= 3.5.8 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Responsive HTML5 Audio Player PRO With Playlist versions = 3.5.8...
CVE-2024-37445
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in bPlugins Html5 Audio Player allows Stored XSS.This issue affects Html5 Audio Player: from n/a through 2.2.23...
CVE-2023-0170
The Html5 Audio Player WordPress plugin before 2.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2021-24412
The Html5 Audio Player – Audio Player for WordPress plugin before 2.1.3 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious...
CVE-2016-0796
WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for your mp3 files is prone to multiple vulnerabilities, including open proxy and security bypass vulnerabilities because it fails to properly verify user-supplied input. An attacker may leverage these issues to hide attacks directed at a...