CVE-2025-13999
CVE-2025-13999 is active: the WordPress plugin “HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player” is affected by a Server-Side Request Forgery (SSRF) in versions 2.4.0 through 2.5.1 via getIcyMetadata(). Attackers can make the application perform web requests to arbitrary loc...