Unauthenticated Access Control Flaw in HTML5 Video Player by Flash
CVE-2026-57323

5.8MEDIUM

Key Information:

Vendor: WordPress
Status: Flash & Html5 Video
Vendor: CVE Published:; 26 June 2026

What is CVE-2026-57323?

A significant vulnerability exists in the HTML5 Video Player plugin by Flash, affecting versions up to 2.11.0. This issue allows unauthenticated users to bypass access controls, potentially exposing sensitive video content. Proper security measures and updates are crucial to protect against unauthorized access and ensure the integrity of the video content managed through this plugin.

Affected Version(s)

Flash & HTML5 Video <= 2.11.0

References

https://patchstack.com/database/wordpress/plugin/html5-vi...

vdb-entry

CVSS V3.1

Score:

5.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 26, 2026
Vulnerability Reserved
Jun 24, 2026

Credit

Nabil Irawan | Patchstack Bug Bounty Program

CVE-2026-57323 Data

JSON

WordPress

What is CVE-2026-57323?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit