CVE-2024-7727

The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions called via the 'h5vpajaxhandler' ajax action in all versions up to, and including, 2.5.32. This makes it possible fo...

WordPress Flash & HTML5 Video Plugin <= 2.5.32 is vulnerable to Broken Access Control

Software Flash & HTML5 Video Type Plugin Vulnerable versions = 2.5.32 Fixed in 2.5.33 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-7727 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID b5ae27e206ad Credits Lucio Sá Required...

PT-2024-38536 · WordPress · Html5 Video Player

Name of the Vulnerable Software and Affected Versions: HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress versions up to, and including, 2.5.32 Description: The issue is related to unauthorized access of data due to a missing capability check on multiple functions called...

PT-2024-30486 · Unknown · Flash & Html5 Video

Name of the Vulnerable Software and Affected Versions: Flash & HTML5 Video versions 2.5.31 and earlier Description: The issue is related to the exposure of sensitive information to an unauthorized actor. This is a problem where data that should be kept private is made accessible to individuals wh...

WordPress Flash & HTML5 Video Plugin <= 2.5.31 is vulnerable to Sensitive Data Exposure

Software Flash & HTML5 Video Type Plugin Vulnerable versions = 2.5.31 Fixed in 2.5.32 OWASP Top 10 A4: Insecure Design Classification Sensitive Data Exposure CVE CVE-2024-43319 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e3846f722ce9 Credits Ananda Dhakal Patchstack...

CVE-2023-41835

When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which...

CVE-2023-41835

When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which...

PT-2023-7509 · Atlassian +1 · Confluence +1

Name of the Vulnerable Software and Affected Versions: Apache Struts versions prior to 2.5.32 Apache Struts versions prior to 6.1.2.2 Apache Struts versions prior to 6.3.0.1 Confluence Data Center versions from 7.17.0 to 8.8.0 excluding 8.8.0 Confluence Data Center versions from 8.0.0 to 8.0.4...