VYPR

Html5 Video Player

by Socusoft

CVEs (5)

  • CVE-2019-25689HigApr 12, 2026
    risk 0.55cvss 8.4epss 0.00

    HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized key code string. Attackers can craft a malicious payload exceeding 997 bytes and paste it into the KEY CODE field in the Help…

  • CVE-2025-27005HigJan 22, 2026
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup HTML5 Video Player lbg-vp2-html5-bottom allows Reflected XSS.This issue affects HTML5 Video Player: from n/a through <= 5.3.5.

  • CVE-2024-13156MedJan 14, 2025
    risk 0.35cvss 6.4epss 0.00

    The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘heading’ parameter in all versions up to, and including, 2.5.35 due to insufficient input sanitization and output escaping. This…

  • CVE-2024-5522Jun 20, 2024
    risk 0.07cvss epss 0.03

    The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks

  • CVE-2023-6485Jan 1, 2024
    risk 0.00cvss epss 0.01

    The Html5 Video Player WordPress plugin before 2.5.19 does not sanitise and escape some of its player settings, which combined with missing capability checks around the plugin could allow any authenticated users, such as low as subscribers to perform Stored Cross-Site Scripting…