Cross-site Scripting Vulnerability in LambertGroup Responsive HTML5 Audio Player PRO
CVE-2025-54056

7.1 HIGH

What is CVE-2025-54056?

An improper neutralization of input during web page generation vulnerability allows reflected Cross-site Scripting (XSS) in LambertGroup's Responsive HTML5 Audio Player PRO With Playlist. The flaw affects versions through 3.5.8 and can be exploited to inject malicious scripts into web pages, potentially compromising user interactions and data integrity. Users should keep the plugin up to date and apply appropriate security measures to mitigate the risk.

Affected Version(s)

Responsive HTML5 Audio Player PRO With Playlist <= 3.5.8

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

0xd4rk5id3 (Patchstack Alliance)