
132 matches found

GithubExploit
added 2024/05/31 4:41 a.m. | 731 views

Exploit for SQL Injection in Bplugins Html5_Video_Player

CVE-2024-5522-Poc CVE-2024-5522 HTML5 Video Player = 2.5.2...

CVSS 6.5 | AI score 7.2 | EPSS 0.83843
Exploits: 6

Patchstack
added 2024/05/31 2:40 a.m. | 10 views

WordPress HTML5 Video Player plugin < 2.5.27 - Unauthenticated SQLi vulnerability

Unauthenticated SQLi vulnerability discovered by Mayank Deshmukh in WordPress Plugin Flash & HTML5 Video versions 2.5.27...

CVSS 6.5 | AI score 7 | EPSS 0.83843
Exploits: 6 | References: 1 | Affected Software: 1

Positive Technologies
added 2024/05/31 12:0 a.m. | 9 views

PT-2024-36495 · WordPress · Html5 Video Player

Name of the Vulnerable Software and Affected Versions: HTML5 Video Player WordPress plugin versions prior to 2.5.27 Description: The issue concerns a failure to sanitize and escape a parameter from a REST route before using it in a SQL statement. This allows unauthenticated users to perform SQL...

CVSS 6.5 | AI score 7.6 | EPSS 0.83843
Exploits: 6 | References: 13

Patchstack
added 2024/05/31 12:0 a.m. | 21 views

WordPress Flash & HTML5 Video Plugin < 2.5.27 is vulnerable to SQL Injection

Software Flash & HTML5 Video Type Plugin Vulnerable versions 2.5.27 Fixed in 2.5.27 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-5522 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID a6949d7fc215 Credits Mayank Deshmukh Required privilege...

CVSS 6.5 | AI score 6.7 | EPSS 0.83843
Exploits: 6 | References: 4 | Affected Software: 1

wpexploit
added 2024/05/30 12:0 a.m. | 146 views

HTML5 Video Player < 2.5.27 - Unauthenticated SQLi

Description The plugin does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks % time curl "https://example.com/?restroute=/h5vp/v1/video/1&id=1'+OR+SELECT+1+FROM+SELECTSLEEP5xyz--+-"...

AI score 7.4 | EPSS 0.83843
Exploits: 6

Tenable Nessus
added 2024/02/15 12:0 a.m. | 14 views

Html5 Video Player Plugin for WordPress < 2.5.25 SQL Injection

The WordPress Html5 Video Player Plugin installed on the remote host is affected by a SQL Injection via the id parameter used in the getview function which is accessible without authentication. Note that the scanner has not tested for these issues but has instead relied only on the application's...

CVSS 9.8 | AI score 8.6 | EPSS 0.8337
Exploits: 1 | References: 3

VulnCheck KEV
added 2024/02/14 12:0 a.m. | 1 views

VulnCheck KEV: CVE-2024-1061

The 'HTML5 Video Player' WordPress Plugin, version 2.5.25 is affected by an unauthenticated SQL injection vulnerability in the 'id' parameter in the 'getview' function...

CVSS 9.8 | AI score 7.4 | EPSS 0.8337
Exploits: 1 | References: 1

Patchstack
added 2024/01/31 12:0 a.m. | 9 views

WordPress Flash & HTML5 Video Plugin < 2.5.25 is vulnerable to SQL Injection

Software Flash & HTML5 Video Type Plugin Vulnerable versions 2.5.25 Fixed in 2.5.25 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-1061 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 417a838d6795 Credits Joshua Martinelle Required privilege...

CVSS 9.8 | AI score 6.8 | EPSS 0.8337
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2024/01/30 9:15 a.m. | 0 views

CVE-2024-1061

The 'HTML5 Video Player' WordPress Plugin, version 2.5.25 is affected by an unauthenticated SQL injection vulnerability in the 'id' parameter in the 'getview' function...

CVSS 9.8 | AI score 7.3 | EPSS 0.8337
Exploits: 1 | References: 1

Prion
added 2024/01/30 9:15 a.m. | 16 views

Sql injection

The 'HTML5 Video Player' WordPress Plugin, version 2.5.25 is affected by an unauthenticated SQL injection vulnerability in the 'id' parameter in the 'getview' function...

CVSS 7.5 | AI score 8.4 | EPSS 0.8337
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2024/01/30 8:26 a.m. | 91 views

CVE-2024-1061

CVE-2024-1061 describes an unauthenticated SQL injection in the WordPress plugin “HTML5 Video Player” through the id parameter in the get_view function. Affected software: WordPress HTML5 Video Player plugin versions less than 2.5.25. Root cause: unauthenticated SQL injection in the id parameter....

CVSS 9.8 | AI score 9.8 | EPSS 0.8337
In wild | Exploits: 1 | References: 1 | Affected Software: 1

Vulnrichment
added 2024/01/30 8:26 a.m. | 6 views

CVE-2024-1061

The 'HTML5 Video Player' WordPress Plugin, version 2.5.25 is affected by an unauthenticated SQL injection vulnerability in the 'id' parameter in the 'getview' function...

CVSS 8.6 | AI score 7.9 | EPSS 0.8337
Exploits: 1 | References: 1

CNNVD
added 2024/01/30 12:0 a.m. | 2 views

WordPress Plugin HTML5 Video Player SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...

CVSS 9.8 | AI score 7.7 | EPSS 0.8337
Exploits: 1 | References: 2

NVD
added 2024/01/01 3:15 p.m. | 13 views

CVE-2023-6485

The Html5 Video Player WordPress plugin before 2.5.19 does not sanitise and escape some of its player settings, which combined with missing capability checks around the plugin could allow any authenticated users, such as low as subscribers to perform Stored Cross-Site Scripting attacks against hi...

CVSS 5.4 | AI score 5 | EPSS 0.01885
Exploits: 2 | References: 1

OSV
added 2024/01/01 3:15 p.m. | 3 views

CVE-2023-6485

The Html5 Video Player WordPress plugin before 2.5.19 does not sanitise and escape some of its player settings, which combined with missing capability checks around the plugin could allow any authenticated users, such as low as subscribers to perform Stored Cross-Site Scripting attacks against hi...

CVSS 5.4 | AI score 7.3 | EPSS 0.01885
Exploits: 2 | References: 1

Vulnrichment
added 2024/01/01 2:18 p.m. | 5 views

CVE-2023-6485 Html5 Video Player < 2.5.19 - Subscriber+ Stored XSS

The Html5 Video Player WordPress plugin before 2.5.19 does not sanitise and escape some of its player settings, which combined with missing capability checks around the plugin could allow any authenticated users, such as low as subscribers to perform Stored Cross-Site Scripting attacks against hi...

AI score 5.2 | EPSS 0.01885
Exploits: 2 | References: 1

CVE
added 2024/01/01 2:18 p.m. | 50 views

CVE-2023-6485

The CVE-2023-6485 entry concerns the Html5 Video Player WordPress plugin, affected in versions before 2.5.19. Root cause: the plugin does not sufficiently sanitize/escape some player settings and lacks proper capability checks. This enables Stored Cross-Site Scripting by authenticated users (e.g....

CVSS 5.4 | AI score 5.2 | EPSS 0.01885
Exploits: 2 | References: 1 | Affected Software: 1

Positive Technologies
added 2024/01/01 12:0 a.m. | 3 views

PT-2024-14965 · WordPress · Html5 Video Player

Name of the Vulnerable Software and Affected Versions: Html5 Video Player WordPress plugin versions prior to 2.5.19 Description: The issue arises from the Html5 Video Player WordPress plugin not sanitizing and escaping some of its player settings, combined with missing capability checks around th...

CVSS 5.4 | AI score 5.8 | EPSS 0.01885
Exploits: 2 | References: 8

CNNVD
added 2024/01/01 12:0 a.m. | 3 views

WordPress Plugin Html5 Video Player Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 5.4 | AI score 5.8 | EPSS 0.01885
Exploits: 2 | References: 2

wpexploit
added 2023/12/08 12:0 a.m. | 321 views

Html5 Video Player < 2.5.19 - Subscriber+ Stored XSS

Description The plugin does not sanitise and escape some of its player settings, which combined with missing capability checks around the plugin could allow any authenticated users, such as low as subscribers to perform Stored Cross-Site Scripting attacks against high privilege users like admins...

CVSS 5.4 | AI score 5.6 | EPSS 0.01885
Exploits: 2