SQL Injection Vulnerability in HTML5 Video Player WordPress Plugin

CVE-2024-5522

Currently unrated 🤨

Key Information

Vendor
HTML5 Video Player
Status
Html5 Video Player
Vendor
CVE Published: 20 June 2024

Badges

👾 Exploit Exists | 🔴 Public PoC | 📰 News Worthy

Summary

CVE-2024-5522 is a SQL injection vulnerability in the HTML5 Video Player WordPress plugin in versions before 2.5.27. It allows unauthenticated users to perform SQL injection attacks. It has not been exploited in the wild, and there is no information about ransomware groups exploiting it. It should still be addressed, as it could have a significant impact on affected systems.

Affected Version(s)

HTML5 Video Player < 2.5.27

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

Timeline

  • 🔴 Public PoC available

  • 👾 Exploit known to exist

  • First article discovered by Pentest-Tools.com

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database | Mitre Database | 1 Proof of Concept(s) | 1 News Article(s)

Credit

Mayank Deshmukh
WPScan