Vulnerabilities (CVE)

Filtered by vendor Bplugins Subscribe
Filtered by product Html5 Video Player
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-1061 1 Bplugins 1 Html5 Video Player 2024-11-21 N/A 8.6 HIGH
The 'HTML5 Video Player' WordPress Plugin, version < 2.5.25 is affected by an unauthenticated SQL injection vulnerability in the 'id' parameter in the  'get_view' function.
CVE-2024-43296 1 Bplugins 1 Html5 Video Player 2024-11-13 N/A 8.8 HIGH
Missing Authorization vulnerability in bPlugins LLC Flash & HTML5 Video allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flash & HTML5 Video: from n/a through 2.5.30.
CVE-2024-7727 1 Bplugins 1 Html5 Video Player 2024-09-18 N/A 5.3 MEDIUM
The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions called via the 'h5vp_ajax_handler' ajax action in all versions up to, and including, 2.5.32. This makes it possible for unauthenticated attackers to call these functions to manipulate data.
CVE-2024-7721 1 Bplugins 1 Html5 Video Player 2024-09-18 N/A 4.3 MEDIUM
The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_password' function in all versions up to, and including, 2.5.34. This makes it possible for authenticated attackers, with Subscriber-level access and above, to set any options that are not explicitly checked as false to an array, including enabling user registration if it has been disabled.