5 matches found
CVE-2024-13156
The CVE-2024-13156 issue affects the HTML5 Video Player – mp4 Video Player Plugin and Block for WordPress. In Connected Red Hat and Wordfence sources, the vulnerability is described as a DOM-Based Stored Cross-Site Scripting via the heading parameter, present in all versions up to 2.5.35. The vul...
CVE-2024-7727
The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions called via the 'h5vpajaxhandler' ajax action in all versions up to, and including, 2.5.32. This makes it possible fo...
CVE-2024-7721 HTML5 Video Player – mp4 Video Player Plugin and Block <= 2.5.34 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update
The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'savepassword' function in all versions up to, and including, 2.5.34. This makes it possible for authenticated attackers, wit...
CVE-2024-7727 HTML5 Video Player – mp4 Video Player Plugin and Block <= 2.5.32 - Missing Authorization in multiple functions via h5vp_ajax_handler
The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions called via the 'h5vpajaxhandler' ajax action in all versions up to, and including, 2.5.32. This makes it possible fo...
Simple MP4 Video Player - Base64 encoded String, Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Simple MP4 Video Player published at the 'play' market has multiple vulnerabilities...