132 matches found
CVE-2024-7721 HTML5 Video Player – mp4 Video Player Plugin and Block <= 2.5.34 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update
The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'savepassword' function in all versions up to, and including, 2.5.34. This makes it possible for authenticated attackers, wit...
CVE-2024-7727 HTML5 Video Player – mp4 Video Player Plugin and Block <= 2.5.32 - Missing Authorization in multiple functions via h5vp_ajax_handler
The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions called via the 'h5vpajaxhandler' ajax action in all versions up to, and including, 2.5.32. This makes it possible fo...
CVE-2024-7721 HTML5 Video Player – mp4 Video Player Plugin and Block <= 2.5.34 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update
The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'savepassword' function in all versions up to, and including, 2.5.34. This makes it possible for authenticated attackers, wit...
CVE-2024-7727 HTML5 Video Player – mp4 Video Player Plugin and Block <= 2.5.32 - Missing Authorization in multiple functions via h5vp_ajax_handler
The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions called via the 'h5vpajaxhandler' ajax action in all versions up to, and including, 2.5.32. This makes it possible fo...
PT-2024-38534 · WordPress · Html5 Video Player – Mp4 Video Player Plugin
Name of the Vulnerable Software and Affected Versions: The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress versions up to, and including, 2.5.34 Description: The issue is related to unauthorized modification of data due to a missing capability check on the save passwor...
WordPress Flash & HTML5 Video Plugin <= 2.5.32 is vulnerable to Broken Access Control
Software Flash & HTML5 Video Type Plugin Vulnerable versions = 2.5.32 Fixed in 2.5.33 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-7727 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID b5ae27e206ad Credits Lucio Sá Required...
WordPress Flash & HTML5 Video Plugin <= 2.5.34 is vulnerable to Broken Access Control
Software Flash & HTML5 Video Type Plugin Vulnerable versions = 2.5.34 Fixed in 2.5.35 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-7721 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 692106c3e036 Credits Lucio Sá Required...
PT-2024-38536 · WordPress · Html5 Video Player
Name of the Vulnerable Software and Affected Versions: HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress versions up to, and including, 2.5.32 Description: The issue is related to unauthorized access of data due to a missing capability check on multiple functions called...
CVE-2024-43319
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in bPlugins LLC Flash & HTML5 Video.This issue affects Flash & HTML5 Video: from n/a through 2.5.31...
CVE-2024-43319 WordPress HTML5 Video Player plugin <= 2.5.31 - Sensitive Data Exposure vulnerability
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in bPlugins LLC Flash & HTML5 Video.This issue affects Flash & HTML5 Video: from n/a through 2.5.31...
CVE-2024-43319
CVE-2024-43319 affects the WordPress HTML5 Video Player (Flash & HTML5 Video) plugin, vulnerable in versions
CVE-2024-43319 WordPress HTML5 Video Player plugin <= 2.5.31 - Sensitive Data Exposure vulnerability
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in bPlugins LLC Flash & HTML5 Video.This issue affects Flash & HTML5 Video: from n/a through 2.5.31...
WordPress plugin Flash & HTML5 Video 信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. An information disclosure vulnerability exists...
PT-2024-30486 · Unknown · Flash & Html5 Video
Name of the Vulnerable Software and Affected Versions: Flash & HTML5 Video versions 2.5.31 and earlier Description: The issue is related to the exposure of sensitive information to an unauthorized actor. This is a problem where data that should be kept private is made accessible to individuals wh...
WordPress Flash & HTML5 Video Plugin <= 2.5.31 is vulnerable to Sensitive Data Exposure
Software Flash & HTML5 Video Type Plugin Vulnerable versions = 2.5.31 Fixed in 2.5.32 OWASP Top 10 A4: Insecure Design Classification Sensitive Data Exposure CVE CVE-2024-43319 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e3846f722ce9 Credits Ananda Dhakal Patchstack...
CVE-2024-5522
The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks...
CVE-2024-5522
The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks...
CVE-2024-5522
Summary: CVE-2024-5522 affects the WordPress HTML5 Video Player plugin (
CVE-2024-5522 HTML5 Video Player < 2.5.27 - Unauthenticated SQLi
The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks...
CVE-2024-5522 HTML5 Video Player < 2.5.27 - Unauthenticated SQLi
The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks...