Primary

Context

HTML5 Audio Player WordPress Plugin Server-Side Request Forgery Vulnerability

Vulnerability

A Server-Side Request Forgery (SSRF) vulnerability has been identified in the HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player plugin for WordPress. This vulnerability affects all versions from 2.4.0 prior to 2.5.1, and is present in the getIcyMetadata() function. The flaw allows unauthenticated attackers to make web requests to arbitrary locations from the web application, potentially querying and modifying information from internal services.

Impact

Exploitation of this vulnerability could allow unauthorized users to access internal services and manipulate data, leading to potential information disclosure or unauthorized changes.

Remediation

Users are advised to update the plugin to version 2.5.2 or a newer patched version.

Added: Dec 19, 2025, 7:26 AM

Updated: Dec 19, 2025, 7:26 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

8.1

remediation

7.7

relevance

1.6

threat

3.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

8.1

remediation

7.7

relevance

1.6

threat

3.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

HTML5 Audio Player WordPress Plugin Server-Side Request Forgery Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating