High severity7.5NVD Advisory· Published Mar 7, 2025· Updated Apr 15, 2026

CVE-2024-10804

Description

The Ultimate Video Player WordPress & WooCommerce Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 10.0 via the content/downloader.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.

Affected products

WordPress/Ultimate Video Player Wordpress Plugininferred
Range: <=10.0
Package: https://wordpress.org/plugins/ultimate-video-player-wordpress-plugin

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

codecanyon.net/item/ultimate-video-player-wordpress-plugin/8374433nvd
www.wordfence.com/threat-intel/vulnerabilities/id/5394abc6-836f-4b22-a7b6-79d092b93a7envd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000