| CVE-2026-39647 | WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin <= 5.11 - Server Side Request Forgery (SSRF) vulnerability | sonaar | MP3 Audio Player for Music, Radio & Podcast by Sonaar | - | - | 2026-04-08 08:30:33 | Deep Dive |
| CVE-2026-1219 | MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar 4.0 - 5.10 - Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure | sonaar | MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar | Medium | 5.3 | 2026-02-19 09:26:37 | Deep Dive |
| CVE-2026-1249 | MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar 5.3 - 5.10 - Authenticated (Author+) Server-Side Request Forgery | sonaar | MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar | Medium | 5.0 | 2026-02-14 08:26:46 | Deep Dive |
| CVE-2025-13999 | HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player 2.4.0 - 2.5.1 - Unauthenticated Server-Side Request Forgery | bplugins | HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player | High | 7.2 | 2025-12-19 06:48:24 | Deep Dive |
| CVE-2025-9196 | Trinity Audio <= 5.21.0 - Unauthenticated Information Exposure | sergiotrinity | Trinity Audio – Text to Speech AI audio player to convert content into audio | Medium | 5.3 | 2025-10-11 07:25:57 | Deep Dive |
| CVE-2025-9886 | Trinity Audio <= 5.20.2 - Cross-Site Request Forgery | sergiotrinity | Trinity Audio – Text to Speech AI audio player to convert content into audio | Medium | 4.3 | 2025-10-04 03:33:32 | Deep Dive |
| CVE-2025-9952 | Trinity Audio <= 5.20.2 - Reflected Cross-Site Scripting | sergiotrinity | Trinity Audio – Text to Speech AI audio player to convert content into audio | Medium | 6.1 | 2025-10-04 03:33:31 | Deep Dive |
| CVE-2025-9203 | Media Player Addons for Elementor <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widget Fields | bplugins | Media Player Addons for Elementor – Audio and Video Widgets for Elementor | Medium | 6.4 | 2025-09-17 06:17:48 | Deep Dive |
| CVE-2010-20042 | Xion Audio Player ≤ 1.0.126 Unicode Stack Buffer Overflow | Xion | Audio Player | - | - | 2025-08-20 15:42:51 | Deep Dive |
| CVE-2025-48168 | WordPress Apollo - Sticky Full Width HTML5 Audio Player <= 3.4 - Cross Site Scripting (XSS) Vulnerability | LambertGroup | Apollo - Sticky Full Width HTML5 Audio Player | High | 7.1 | 2025-08-20 08:03:27 | Deep Dive |
| CVE-2025-54056 | WordPress Responsive HTML5 Audio Player PRO With Playlist <= 3.5.8 - Cross Site Scripting (XSS) Vulnerability | LambertGroup | Responsive HTML5 Audio Player PRO With Playlist | High | 7.1 | 2025-08-20 08:02:54 | Deep Dive |
| CVE-2025-7959 | Station Pro <= 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via width and height Parameters | marviorocha | Station Pro – Advanced Audio Streaming & Player for WordPress | Medium | 6.4 | 2025-07-24 09:22:23 | Deep Dive |
| CVE-2025-8071 | Mine CloudVod <= 2.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via audio Parameter | 995525477-1 | Mine CloudVod LMS | Medium | 6.4 | 2025-07-24 09:22:17 | Deep Dive |
| CVE-2025-5340 | Music Player for Elementor <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via album_buy_url Parameter | smartwpress | Music Player for Elementor – Audio Player & Podcast Player | Medium | 6.4 | 2025-06-03 11:22:25 | Deep Dive |
| CVE-2025-32287 | WordPress Responsive HTML5 Audio Player PRO With Playlist plugin <= 3.5.7 - SQL Injection Vulnerability | LambertGroup | Responsive HTML5 Audio Player PRO With Playlist | High | 8.5 | 2025-05-16 15:45:33 | Deep Dive |
| CVE-2025-32307 | WordPress Chameleon HTML5 Audio Player With/Without Playlist plugin <= 3.5.6 - SQL Injection Vulnerability | LambertGroup | Chameleon HTML5 Audio Player With/Without Playlist | High | 8.5 | 2025-05-16 15:45:29 | Deep Dive |
| CVE-2025-39524 | WordPress Html5 Audio Player plugin <= 2.2.28 - Cross Site Scripting (XSS) Vulnerability | bPlugins | Html5 Audio Player | Medium | 6.5 | 2025-04-16 12:45:49 | Deep Dive |
| CVE-2025-31400 | WordPress WS Audio Player plugin <= 1.1.8 - CSRF to Stored XSS vulnerability | icyleaf | WS Audio Player | High | 7.1 | 2025-04-09 16:10:00 | Deep Dive |
| CVE-2025-3431 | ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Unauthenticated Arbitrary File Download | ZoomIt | ZoomSounds - WordPress Wave Audio Player with Playlist | High | 7.5 | 2025-04-08 07:29:44 | Deep Dive |
| CVE-2025-0839 | ZoomSounds <= 6.91 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | ZoomIt | ZoomSounds - WordPress Wave Audio Player with Playlist | Medium | 6.4 | 2025-04-05 05:32:13 | Deep Dive |