CVE-2024-13362 is a reflected cross-site scripting flaw in the Radio Player WordPress plugin affecting all versions at or below 2.0.82. The vendor shipped version 2.0.83 containing the fix on May 1 2026. Exploitation requires a victim to follow a crafted link, limiting but not eliminating practical risk. The blast radius is narrow — only sites running this specific plugin are affected — but WordPress plugin XSS flaws are a persistent vector for credential theft and admin-session hijacking. Plugin maintainers and site operators running Radio Player should update to 2.0.83 promptly.