SQL Injection Vulnerability in HTML5 Video Player WordPress Plugin
CVE-2024-5522

Currently unrated

Key Information:

Vendor
WordPress
CVE Published:
20 June 2024

Badges

👾 Exploit Exists 🟡 Public PoC 🟣 EPSS 70% 📰 News Worthy

Summary

CVE-2024-5522 is a SQL injection vulnerability in the HTML5 Video Player WordPress plugin, affecting versions before 2.5.27. It allows unauthenticated users to perform SQL injection attacks. It has not been exploited in the wild, and there is no information about ransomware groups exploiting it. However, it is important to address this vulnerability, as it could have a significant impact on the affected systems.

Affected Version(s)

HTML5 Video Player 0 < 2.5.27

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

EPSS Score

70% chance of being exploited in the next 30 days.

Timeline

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • πŸ“°

    First article discovered by Pentest-Tools.com

  • Vulnerability published

  • Vulnerability Reserved

Credit

Mayank Deshmukh
WPScan