CVE-2025-48163: 
WordPress vulnerability analysis and mitigation

The vulnerability identified as CVE-2025-48163 affects the WordPress plugin SHOUT - HTML5 Radio Player With Ads (ShoutCast and IceCast Support) versions 3.5.4 and below. This security flaw was discovered by João Pedro S Alcântara (Kinorth) and was officially published on July 17, 2025. The vulnerability is classified as a Reflected Cross-Site Scripting (XSS) issue (Patchstack).

The vulnerability has been assigned a CVSS score of 7.1, indicating a medium severity level. It is classified under the OWASP Top 10 category A3: Injection, specifically as a Cross-Site Scripting (XSS) vulnerability. The vulnerability can be exploited without authentication, making it particularly concerning (Patchstack).

This vulnerability could enable malicious actors to inject harmful scripts, including redirects and unwanted advertisements, as well as other HTML payloads into affected websites. These malicious scripts would execute when visitors access the compromised site, potentially affecting user experience and security (Patchstack).

The vulnerability has been patched in version 3.5.5 of the plugin. Users are strongly advised to update to version 3.5.5 or later to resolve the security issue. Additionally, Patchstack has issued a virtual patch to mitigate this vulnerability by blocking potential attacks until users can update to the fixed version (Patchstack).