CVE-2025-13999 | HTML5 Audio Player Plugin up to 2.4.0/2.5.1 on WordPress getIcyMetadata server-side request forgery

A vulnerability was found in HTML5 Audio Player Plugin up to 2.4.0/2.5.1 on WordPress and classified as critical. This vulnerability affects the function getIcyMetadata. Executing manipulation can lead to server-side request forgery.

This vulnerability is handled as CVE-2025-13999. The attack can be executed remotely. There is not any exploit available.