CVE-2024-5522
June 20, 2024, 12:43 p.m.
Tags
Product(s) Impacted
WordPress HTML5 Video Player plugin
- before 2.5.27
Description
The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks
Weaknesses
Date
Published: June 20, 2024, 6:15 a.m.
Last Modified: June 20, 2024, 12:43 p.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
contact@wpscan.com
References
contact@wpscan.com