{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-11T15:12:09.565","vulnerabilities":[{"cve":{"id":"CVE-2025-39524","sourceIdentifier":"audit@patchstack.com","published":"2025-04-16T13:15:45.763","lastModified":"2026-04-23T15:29:43.557","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in bPlugins Html5 Audio Player html5-audio-player allows Stored XSS.This issue affects Html5 Audio Player: from n/a through <= 2.2.28."},{"lang":"es","value":"Vulnerabilidad de neutralización incorrecta de etiquetas HTML relacionadas con scripts en una página web (XSS básico) en bPlugins Html5 Audio Player permite XSS Almacenado. Este problema afecta al Reproductor de Audio HTML5 desde la versión n/d hasta la 2.2.28."}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.3,"impactScore":3.7}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-80"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/html5-audio-player/vulnerability/wordpress-html5-audio-player-2-2-28-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}}]}