CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43296 – WordPress HTML5 Video Player plugin <= 2.5.30 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-43296
16 Aug 2024 — Missing Authorization vulnerability in bPlugins LLC Flash & HTML5 Video allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flash & HTML5 Video: from n/a through 2.5.30. The Flash & HTML5 Video plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in versions up to, and including, 2.5.30. This makes it possible for authenticated attackers, with subscriber-level access and above, to update views, create thumb... • https://patchstack.com/database/vulnerability/html5-video-player/wordpress-html5-video-player-plugin-2-5-30-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43319 – WordPress HTML5 Video Player plugin <= 2.5.31 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-43319
16 Aug 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in bPlugins LLC Flash & HTML5 Video.This issue affects Flash & HTML5 Video: from n/a through 2.5.31. The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.31 via the h5vp_export_data() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract potentially sensitive inf... • https://patchstack.com/database/vulnerability/html5-video-player/wordpress-html5-video-player-plugin-2-5-31-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2014-4534 – HTML5 Video Player with Playlist <= 2.4.0 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-4534
25 May 2014 — Multiple cross-site scripting (XSS) vulnerabilities in videoplayer/autoplay.php in the HTML5 Video Player with Playlist plugin 2.4.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) theme or (2) playlistmod parameter. Múltiples vulnerabilidades de XSS en videoplayer/autoplay.php en el plugin HTML5 Video Player with Playlist 2.4.0 y anteriores para WordPress permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del pará... • http://codevigilant.com/disclosure/wp-plugin-html5-video-player-with-playlist-a3-cross-site-scripting-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •