WordPress Plugin Vulnerabilities

HTML5 Video Player < 2.5.25 - Unauthenticated SQLi

Description

The plugin does not sanitize and escape the id parameter in the get_view function before using it in a SQL statement in a REST endpoint, allowing unauthenticated users to perform SQL injection attacks

Proof of Concept

Affects Plugins

Plugin icon
html5-video-player
Fixed in 2.5.25

References

CVE
CVE-2024-1061
URL
https://www.tenable.com/security/research/tra-2024-02

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
8.6 (high)

Miscellaneous

Original Researcher
Joshua Martinelle
Verified
Yes
WPVDB ID
19ab9d62-ccee-4d00-84ea-8f981e614bf8

Timeline

Publicly Published
2024-01-30 (about 2 years ago)
Added
2024-05-30 (about 2 years ago)
Last Updated
2024-05-30 (about 2 years ago)

Other

Published
Title
Published
2023-09-15
Title
Horizontal scrolling announcement <= 9.2 - Authenticated (subscriber+) Blind SQL Injection
Published
2025-04-04
Title
Pay with Contact Form 7 <= 1.0.4 - Authenticated (Administrator+) SQL Injection
Published
2024-08-30
Title
WP Events Manager < 2.2.0 - Authenticated (Subscriber+) Time-Based SQL Injection
Published
2023-04-17
Title
Bitcoin / AltCoin Payment Gateway < 1.7.3 - Unauthenticated SQLi
Published
2026-04-21
Title
MasterStudy LMS WordPress Plugin – for Online Courses and Education < 3.7.26 - Authenticated (Subscriber+) SQL Injection