cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-13156,https://securityvulnerability.io/vulnerability/CVE-2024-13156,DOM-Based Stored Cross-Site Scripting in HTML5 Video Player for WordPress,"The HTML5 Video Player plugin for WordPress is susceptible to DOM-Based Stored Cross-Site Scripting due to inadequate input sanitization and output escaping. Attackers with Contributor-level access or higher can exploit this vulnerability through the 'heading' parameter. By manipulating this parameter, they can inject harmful web scripts that execute whenever a user visits the compromised page, posing security risks to site users and potentially compromising their data.",Wordpress,Html5 Video Player – Mp4 Video Player Plugin And Block,6.4,MEDIUM,0.0006799999973736703,false,,false,false,false,false,false,false,2025-01-14T08:23:14.833Z,0
CVE-2024-7727,https://securityvulnerability.io/vulnerability/CVE-2024-7727,Unauthorized Access of Data in HTML5 Video Player Plugin,"The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions called via the 'h5vp_ajax_handler' ajax action in all versions up to, and including, 2.5.32. This makes it possible for unauthenticated attackers to call these functions to manipulate data.",Wordpress,Html5 Video Player – Mp4 Video Player Plugin And Block,5.3,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-09-11T04:31:20.937Z,0
CVE-2024-7721,https://securityvulnerability.io/vulnerability/CVE-2024-7721,Unauthorized Modification of Data in HTML5 Video Player Plugin,"The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_password' function in all versions up to, and including, 2.5.34. This makes it possible for authenticated attackers, with Subscriber-level access and above, to set any options that are not explicitly checked as false to an array, including enabling user registration if it has been disabled.",Wordpress,Html5 Video Player – Mp4 Video Player Plugin And Block,4.3,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-09-11T04:31:20.309Z,0