VYPR

HTML5 Video Player – mp4 Video Player Plugin and Block

by WordPress

CVEs (3)

  • CVE-2024-13156MedJan 14, 2025
    risk 0.35cvss 6.4epss 0.00

    The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘heading’ parameter in all versions up to, and including, 2.5.35 due to insufficient input sanitization and output escaping. This…

  • CVE-2024-7727MedSep 11, 2024
    risk 0.34cvss 5.3epss 0.00

    The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions called via the 'h5vp_ajax_handler' ajax action in all versions up to, and including, 2.5.32.…

  • CVE-2024-7721MedSep 11, 2024
    risk 0.28cvss 4.3epss 0.00

    The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_password' function in all versions up to, and including, 2.5.34. This makes it possible for…