EUVD-2024-48604

Malicious code in bioql PyPI...

EUVD-2024-40211

Malicious code in bioql PyPI...

CVE-2024-43319

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in bPlugins LLC Flash & HTML5 Video.This issue affects Flash & HTML5 Video: from n/a through 2.5.31...

CVE-2024-7721

The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'savepassword' function in all versions up to, and including, 2.5.34. This makes it possible for authenticated attackers, wit...

CVE-2024-7727

The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions called via the 'h5vpajaxhandler' ajax action in all versions up to, and including, 2.5.32. This makes it possible fo...

CVE-2024-5522

The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks...

CVE-2024-13156

The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘heading’ parameter in all versions up to, and including, 2.5.35 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-43296

Missing Authorization vulnerability in bPlugins LLC Flash & HTML5 Video allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flash & HTML5 Video: from n/a through 2.5.30...

CVE-2023-6485

The Html5 Video Player WordPress plugin before 2.5.19 does not sanitise and escape some of its player settings, which combined with missing capability checks around the plugin could allow any authenticated users, such as low as subscribers to perform Stored Cross-Site Scripting attacks against hi...

CVE-2025-27343

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Webilop WooCommerce HTML5 Video woocommerce-html5-video allows Reflected XSS.This issue affects WooCommerce HTML5 Video: from n/a through = 1.7.10...

CVE-2025-27343

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Webilop WooCommerce HTML5 Video woocommerce-html5-video allows Reflected XSS.This issue affects WooCommerce HTML5 Video: from n/a through = 1.7.10...

CVE-2025-27343

CVE-2025-27343 affects WordPress WooCommerce HTML5 Video plugin (versions n/a–1.7.10). Root cause: improper input handling enabling Reflected XSS in web page generation. CVSSv3.1 base score 7.1 (HIGH); attack vector NETWORK, complexity LOW, privileges NONE, user interaction REQUIRED, confidential...

CVE-2025-27343 WordPress WooCommerce HTML5 Video Plugin <= 1.7.10 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Webilop WooCommerce HTML5 Video woocommerce-html5-video allows Reflected XSS.This issue affects WooCommerce HTML5 Video: from n/a through = 1.7.10...

CVE-2025-27343 WordPress WooCommerce HTML5 Video Plugin <= 1.7.10 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Webilop WooCommerce HTML5 Video woocommerce-html5-video allows Reflected XSS.This issue affects WooCommerce HTML5 Video: from n/a through = 1.7.10...

PT-2025-17074 · Unknown · Woocommerce Html5 Video

Name of the Vulnerable Software and Affected Versions: WooCommerce HTML5 Video versions 1.7.10 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows Reflected XSS. This means an attacker can...

WordPress plugin WooCommerce HTML5 Video 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

CVE-2025-32536

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sandeep Verma HTML5 Video Player with Playlist html5-video-player-with-playlist allows Reflected XSS.This issue affects HTML5 Video Player with Playlist: from n/a through = 2.50...

CVE-2025-32536

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sandeep Verma HTML5 Video Player with Playlist html5-video-player-with-playlist allows Reflected XSS.This issue affects HTML5 Video Player with Playlist: from n/a through = 2.50...

CVE-2025-32536 WordPress HTML5 Video Player with Playlist Plugin <= 2.50 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sandeep Verma HTML5 Video Player with Playlist allows Reflected XSS. This issue affects HTML5 Video Player with Playlist: from n/a through 2.50...

CVE-2025-32536

CVE-2025-32536 refers to a Reflected Cross-Site Scripting vulnerability in the HTML5 Video Player with Playlist WordPress plugin. The vulnerability affects the plugin version range up to 2.50 (HTML5 Video Player with Playlist). The root cause, as stated in connected documentation, is improper inp...