Threat Entry Updated 2024-11-21

CVE-2024-4398 - Html5 Audio Player Plugin

The HTML5 Audio Player- Best WordPress Audio Player Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.2.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Html5 Audio Player

CVE-2024-4398

MEDIUM CVSS 6.4 2024-05-14

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-03-25

CVE-2023-0170 - Html5 Audio Player Plugin

The Html5 Audio Player WordPress plugin before 2.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Html5 Audio Player

CVE-2023-0170

MEDIUM CVSS 5.4 2023-02-06

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2021-24412 - Html5 Audio Player Plugin

The Html5 Audio Player – Audio Player for WordPress plugin before 2.1.3 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode

PLUGIN Html5 Audio Player

CVE-2021-24412

MEDIUM CVSS 5.4 2021-10-18

Risk Score

Open Full Technical Breakdown