cleantalk
Vulnerabilities and Security Researches

Html5 Audio Player – Audio Player for WordPress, CVE-2021-24412

CVE, Research URL

CVE-2021-24412

Home page URL

Security reports for Html5 Audio Player – Audio Player for WordPress

Application

Html5 Audio Player – Audio Player for WordPress

Published on
Oct 18, 2021
Research Description
The Html5 Audio Player – Audio Player for WordPress plugin before 2.1.3 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode
Affected versions
Min -, max 2.1.3.
Status
vulnerable
Previous vulnerability researches
Html5 Audio Player – Audio Player for WordPress (CVE-2025-39524) , Apr 18, 2025
Html5 Audio Player – Audio Player for WordPress (CVE-2024-37445) , Jul 02, 2024
Html5 Audio Player – Audio Player for WordPress (CVE-2024-4398) , Jun 07, 2024
Html5 Audio Player – Audio Player for WordPress (CVE-2021-24412) , Jun 07, 2024
Html5 Audio Player – Audio Player for WordPress (CVE-2023-0170) , Jun 07, 2024
New vulnerability
WordPress Job Board and Recruitment Plugin – JobWP (CVE-2025-2010) , Apr 20, 2025
WP Logger (CVE-2025-39456) , Apr 20, 2025
visualslider Sldier (CVE-2025-23448) , Apr 20, 2025
RSS Manager (CVE-2025-39418) , Apr 20, 2025
Contact Form vCard Generator (CVE-2025-39521) , Apr 20, 2025