CVE-2025-53205: 
WordPress vulnerability analysis and mitigation

A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in LambertGroup Radio Player Shoutcast & Icecast plugin versions up to 4.4.7. The vulnerability was identified on June 11, 2025, and publicly disclosed on July 16, 2025 (Patchstack).

The vulnerability is classified as a Cross-Site Scripting (XSS) issue, falling under the OWASP Top 10 category A3: Injection. It received a CVSS score of 7.1 (Medium severity) and requires no authentication to exploit. The vulnerability was discovered by security researcher João Pedro S Alcântara (Kinorth) (Patchstack).

This vulnerability could allow malicious actors to inject harmful scripts, including redirects and unwanted advertisements, as well as other HTML payloads into the affected website. These malicious scripts would execute when visitors access the compromised site (Patchstack).

The vulnerability has been fixed in version 4.4.8 of the Radio Player Shoutcast & Icecast plugin. Website administrators are advised to update to version 4.4.8 or later immediately. Additionally, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until users can update to the fixed version (Patchstack).