SQL Injection Vulnerability in HTML5 Video Player WordPress Plugin
CVE-2024-5522

Currently unrated

Key Information:

Vendor: Wordpress
Status: Html5 Video Player
Vendor: CVE Published:; 20 June 2024

Badges

👾 Exploit Exists🟡 Public PoC📰 News Worthy

Summary

The CVE-2024-5522 vulnerability is a SQL injection vulnerability in the HTML5 Video Player WordPress plugin before version 2.5.27. This vulnerability allows unauthenticated users to perform SQL injection attacks. This has not been exploited in the wild and there is no information about ransomware groups exploiting it. However, it is important to address this vulnerability as it could have a significant impact on the affected systems.

Affected Version(s)

HTML5 Video Player 0 < 2.5.27

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-5522 - Proof of Concept

CVE-2024-5522
Created by geniuszlyy

News Articles

References

https://wpscan.com/vulnerability/bc76ef95-a2a9-4185-8ed9-...

exploitvdb-entrytechnical-description

Timeline

🟡
Public PoC available
Oct 2, 2024
👾
Exploit known to exist
Oct 2, 2024
📰
First article discovered by Pentest-Tools.com
Jul 18, 2024
Vulnerability published
Jun 20, 2024
Vulnerability Reserved
May 30, 2024

Credit

Mayank Deshmukh

WPScan