WordPress plugin HTML5 Video Player with Playlist 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

PT-2025-16060 · Unknown · Sandeep Verma Html5 Video Player With Playlist

Name of the Vulnerable Software and Affected Versions: Sandeep Verma HTML5 Video Player with Playlist versions 2.50 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for Reflected Cross-site Scripting XSS. This enables...

CVE-2024-1061

The 'HTML5 Video Player' WordPress Plugin, version 2.5.25 is affected by an unauthenticated SQL injection vulnerability in the 'id' parameter in the 'getview' function...

CVE-2024-13156

The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘heading’ parameter in all versions up to, and including, 2.5.35 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-13156 HTML5 Video Player – mp4 Video Player Plugin and Block <= 2.5.35 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via heading Parameter

The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘heading’ parameter in all versions up to, and including, 2.5.35 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-13156 HTML5 Video Player – mp4 Video Player Plugin and Block <= 2.5.35 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via heading Parameter

The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘heading’ parameter in all versions up to, and including, 2.5.35 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-13156

The CVE-2024-13156 issue affects the HTML5 Video Player – mp4 Video Player Plugin and Block for WordPress. In Connected Red Hat and Wordfence sources, the vulnerability is described as a DOM-Based Stored Cross-Site Scripting via the heading parameter, present in all versions up to 2.5.35. The vul...

WordPress plugin HTML5 Video Player 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

WordPress HTML5 Video Player – mp4 Video Player Plugin and Block plugin <= 2.5.35 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via heading Parameter vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting via heading Parameter vulnerability discovered by Webbernaut in WordPress Plugin Flash & HTML5 Video versions = 2.5.35...

CVE-2024-43296

Missing Authorization vulnerability in bPlugins LLC Flash & HTML5 Video allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flash & HTML5 Video: from n/a through 2.5.30...

CVE-2024-43296

Missing Authorization vulnerability in bPlugins LLC Flash & HTML5 Video allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flash & HTML5 Video: from n/a through 2.5.30...

CVE-2024-43296

CVE-2024-43296: WordPress HTML5 Video Player (bPlugins Flash & HTML5 Video) has a Missing Authorization flaw affecting versions up to 2.5.30. Exploitation involves unauthorized access due to misconfigured access control, potentially exposing videos. CVSS v3.1 metrics indicate high impact to confi...

CVE-2024-43296 WordPress HTML5 Video Player plugin <= 2.5.30 - Broken Access Control vulnerability

Missing Authorization vulnerability in bPlugins LLC Flash & HTML5 Video allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flash & HTML5 Video: from n/a through 2.5.30...

CVE-2024-43296 WordPress HTML5 Video Player plugin <= 2.5.30 - Broken Access Control vulnerability

Missing Authorization vulnerability in bPlugins LLC Flash & HTML5 Video allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flash & HTML5 Video: from n/a through 2.5.30...

WordPress plugin Flash & HTML5 Video 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVE-2024-7727

The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions called via the 'h5vpajaxhandler' ajax action in all versions up to, and including, 2.5.32. This makes it possible fo...

CVE-2024-7721

The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'savepassword' function in all versions up to, and including, 2.5.34. This makes it possible for authenticated attackers, wit...

Exploit for SQL Injection in Bplugins Html5_Video_Player

CVE-2024-5522-PoC : HTML5 Video Player 2.5.27 - Unauthentica...

CVE-2024-7727

CVE-2024-7727 affects the HTML5 Video Player – mp4 Video Player Plugin and Block for WordPress. The root cause is a missing capability check in multiple functions called via the h5vp_ajax_handler AJAX action, affecting all versions up to 2.5.32 and enabling unauthenticated actors to manipulate da...

CVE-2024-7721

CVE-2024-7721 affects the HTML5 Video Player – mp4 Video Player Plugin and Block for WordPress, where a missing capability check in the save_password function allows authenticated users with Subscriber-level access (and higher) to modify options not checked as false. Affected versions are up to 2...