CVE-2024-7721

CVE-2024-7721 affects the HTML5 Video Player – mp4 Video Player Plugin and Block for WordPress, where a missing capability check in the save_password function allows authenticated users with Subscriber-level access (and higher) to modify options not checked as false. Affected versions are up to 2...

CVE-2024-7727 HTML5 Video Player – mp4 Video Player Plugin and Block <= 2.5.32 - Missing Authorization in multiple functions via h5vp_ajax_handler

The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions called via the 'h5vpajaxhandler' ajax action in all versions up to, and including, 2.5.32. This makes it possible fo...

PT-2024-38534 · WordPress · Html5 Video Player – Mp4 Video Player Plugin

Name of the Vulnerable Software and Affected Versions: The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress versions up to, and including, 2.5.34 Description: The issue is related to unauthorized modification of data due to a missing capability check on the save passwor...

PT-2024-38536 · WordPress · Html5 Video Player

Name of the Vulnerable Software and Affected Versions: HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress versions up to, and including, 2.5.32 Description: The issue is related to unauthorized access of data due to a missing capability check on multiple functions called...

CVE-2024-43319 WordPress HTML5 Video Player plugin <= 2.5.31 - Sensitive Data Exposure vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in bPlugins LLC Flash & HTML5 Video.This issue affects Flash & HTML5 Video: from n/a through 2.5.31...

CVE-2024-5522

The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks...

CVE-2024-5522

The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks...

CVE-2024-5522 HTML5 Video Player < 2.5.27 - Unauthenticated SQLi

The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks...

CVE-2024-5522

Summary: CVE-2024-5522 affects the WordPress HTML5 Video Player plugin (

CVE-2024-5522 HTML5 Video Player < 2.5.27 - Unauthenticated SQLi

The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks...

Exploit for SQL Injection in Bplugins Html5_Video_Player

CVE-2024-5522-Poc CVE-2024-5522 HTML5 Video Player = 2.5.2...

PT-2024-36495 · WordPress · Html5 Video Player

Name of the Vulnerable Software and Affected Versions: HTML5 Video Player WordPress plugin versions prior to 2.5.27 Description: The issue concerns a failure to sanitize and escape a parameter from a REST route before using it in a SQL statement. This allows unauthenticated users to perform SQL...

HTML5 Video Player < 2.5.27 - Unauthenticated SQLi

Description The plugin does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks % time curl "https://example.com/?restroute=/h5vp/v1/video/1&id=1'+OR+SELECT+1+FROM+SELECTSLEEP5xyz--+-"...

Html5 Video Player Plugin for WordPress < 2.5.25 SQL Injection

The WordPress Html5 Video Player Plugin installed on the remote host is affected by a SQL Injection via the id parameter used in the getview function which is accessible without authentication. Note that the scanner has not tested for these issues but has instead relied only on the application's...

VulnCheck KEV: CVE-2024-1061

The 'HTML5 Video Player' WordPress Plugin, version 2.5.25 is affected by an unauthenticated SQL injection vulnerability in the 'id' parameter in the 'getview' function...

CVE-2024-1061

The 'HTML5 Video Player' WordPress Plugin, version 2.5.25 is affected by an unauthenticated SQL injection vulnerability in the 'id' parameter in the 'getview' function...

Sql injection

The 'HTML5 Video Player' WordPress Plugin, version 2.5.25 is affected by an unauthenticated SQL injection vulnerability in the 'id' parameter in the 'getview' function...

CVE-2024-1061

The 'HTML5 Video Player' WordPress Plugin, version 2.5.25 is affected by an unauthenticated SQL injection vulnerability in the 'id' parameter in the 'getview' function...

CVE-2024-1061

CVE-2024-1061 describes an unauthenticated SQL injection in the WordPress plugin “HTML5 Video Player” through the id parameter in the get_view function. Affected software: WordPress HTML5 Video Player plugin versions less than 2.5.25. Root cause: unauthenticated SQL injection in the id parameter....

WordPress Plugin HTML5 Video Player SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...