Html5 Video Player
by WordPress
Source repositories
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-1061 | Hig | 0.57 | 8.6 | 0.11 | Jan 30, 2024 | The 'HTML5 Video Player' WordPress Plugin, version < 2.5.25 is affected by an unauthenticated SQL injection vulnerability in the 'id' parameter in the 'get_view' function. | ||
| CVE-2024-5522 | Med | 0.42 | 6.5 | 0.03 | Jun 20, 2024 | The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks | ||
| CVE-2024-13156 | Med | 0.35 | 6.4 | 0.00 | Jan 14, 2025 | The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘heading’ parameter in all versions up to, and including, 2.5.35 due to insufficient input sanitization and output escaping. This… | ||
| CVE-2023-6485 | Med | 0.35 | 5.4 | 0.01 | Jan 1, 2024 | The Html5 Video Player WordPress plugin before 2.5.19 does not sanitise and escape some of its player settings, which combined with missing capability checks around the plugin could allow any authenticated users, such as low as subscribers to perform Stored Cross-Site Scripting… |
- risk 0.57cvss 8.6epss 0.11
The 'HTML5 Video Player' WordPress Plugin, version < 2.5.25 is affected by an unauthenticated SQL injection vulnerability in the 'id' parameter in the 'get_view' function.
- risk 0.42cvss 6.5epss 0.03
The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks
- risk 0.35cvss 6.4epss 0.00
The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘heading’ parameter in all versions up to, and including, 2.5.35 due to insufficient input sanitization and output escaping. This…
- risk 0.35cvss 5.4epss 0.01
The Html5 Video Player WordPress plugin before 2.5.19 does not sanitise and escape some of its player settings, which combined with missing capability checks around the plugin could allow any authenticated users, such as low as subscribers to perform Stored Cross-Site Scripting…