VYPR

Html5 Video Player

by WordPress

Source repositories

CVEs (4)

  • CVE-2024-1061HigJan 30, 2024
    risk 0.57cvss 8.6epss 0.11

    The 'HTML5 Video Player' WordPress Plugin, version < 2.5.25 is affected by an unauthenticated SQL injection vulnerability in the 'id' parameter in the  'get_view' function.

  • CVE-2024-5522MedJun 20, 2024
    risk 0.42cvss 6.5epss 0.03

    The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks

  • CVE-2024-13156MedJan 14, 2025
    risk 0.35cvss 6.4epss 0.00

    The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘heading’ parameter in all versions up to, and including, 2.5.35 due to insufficient input sanitization and output escaping. This…

  • CVE-2023-6485MedJan 1, 2024
    risk 0.35cvss 5.4epss 0.01

    The Html5 Video Player WordPress plugin before 2.5.19 does not sanitise and escape some of its player settings, which combined with missing capability checks around the plugin could allow any authenticated users, such as low as subscribers to perform Stored Cross-Site Scripting…