CVE-2024-1061

HIGH EXPLOITED NUCLEI

Bplugins Html5 Video Player < 2.5.25 - SQL Injection

Title source: rule

Description

The 'HTML5 Video Player' WordPress Plugin, version < 2.5.25 is affected by an unauthenticated SQL injection vulnerability in the 'id' parameter in the 'get_view' function.

Nuclei Templates (1)

WordPress HTML5 Video Player - SQL Injection

CRITICALVERIFIEDby xxcdd

FOFA: "wordpress" && body="html5-video-player"

References (1)

[Exploit, Third Party Advisory] https://www.tenable.com/security/research/tra-2024-02

Scores

CVSS v3 8.6

EPSS 0.8337

EPSS Percentile 99.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Details

VulnCheck KEV 2024-02-14

CWE

CWE-89

Status published

Products (1)

bplugins/html5_video_player < 2.5.25

Published Jan 30, 2024

Tracked Since Feb 18, 2026