Medium severity5.3NVD Advisory· Published Sep 11, 2024· Updated Jun 17, 2026
CVE-2024-7727
CVE-2024-7727
Description
The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions called via the 'h5vp_ajax_handler' ajax action in all versions up to, and including, 2.5.32. This makes it possible for unauthenticated attackers to call these functions to manipulate data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=2.5.32
- bplugins/HTML5 Video Player – Embed and Play Videos in Custom Playerv5Range: 0
Patches
Vulnerability mechanics
References
4- plugins.trac.wordpress.org/changeset/3139559/nvdPatch
- www.wordfence.com/threat-intel/vulnerabilities/id/908df18e-7178-4d40-becb-86e1a714a7danvdThird Party Advisory
- plugins.trac.wordpress.org/browser/html5-video-player/trunk/inc/Model/Ajax.phpnvdIssue Tracking
- plugins.trac.wordpress.org/browser/html5-video-player/trunk/inc/Model/ImportData.phpnvdIssue Tracking
News mentions
0No linked articles in our index yet.