6 matches found
CVE-2024-5522
Summary: CVE-2024-5522 affects the WordPress HTML5 Video Player plugin (
CVE-2024-1061
CVE-2024-1061 describes an unauthenticated SQL injection in the WordPress plugin “HTML5 Video Player” through the id parameter in the get_view function. Affected software: WordPress HTML5 Video Player plugin versions before 2.5.25. Root cause: unauthenticated SQL injection in the id parameter....
CVE-2024-7727
CVE-2024-7727 affects the HTML5 Video Player – mp4 Video Player Plugin and Block for WordPress. The root cause is a missing capability check in multiple functions called via the h5vp_ajax_handler AJAX action, affecting all versions up to 2.5.32 and enabling unauthenticated actors to manipulate da...
CVE-2023-6485
The CVE-2023-6485 entry concerns the Html5 Video Player WordPress plugin, affected in versions before 2.5.19. Root cause: the plugin does not sufficiently sanitize/escape some player settings and lacks proper capability checks. This enables Stored Cross-Site Scripting by authenticated users (e.g....
CVE-2024-7721
CVE-2024-7721 affects the HTML5 Video Player – mp4 Video Player Plugin and Block for WordPress, where a missing capability check in the save_password function allows authenticated users with Subscriber-level access (and higher) to modify options not checked as false. Affected versions are up to 2...
CVE-2024-43296
CVE-2024-43296: WordPress HTML5 Video Player (bPlugins Flash & HTML5 Video) has a Missing Authorization flaw affecting versions up to 2.5.30. Exploitation involves unauthorized access due to misconfigured access control, potentially exposing videos. CVSS v3.1 metrics indicate high impact to confi...