← Volver a CVEs

CVE-2024-7727

MEDIUM

5.3

Descripcion

The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions called via the 'h5vp_ajax_handler' ajax action in all versions up to, and including, 2.5.32. This makes it possible for unauthenticated attackers to call these functions to manipulate data.

Detalles CVE

Puntuacion CVSS v3.15.3

SeveridadMEDIUM

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioNONE

Publicado9/11/2024

Ultima modificacion9/18/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

bplugins:html5_video_player

Debilidades (CWE)

CWE-862

Referencias

https://plugins.trac.wordpress.org/browser/html5-video-player/trunk/inc/Model/Ajax.php#L5(security@wordfence.com)

https://plugins.trac.wordpress.org/browser/html5-video-player/trunk/inc/Model/ImportData.php#L4(security@wordfence.com)

https://plugins.trac.wordpress.org/changeset/3139559/(security@wordfence.com)

https://www.wordfence.com/threat-intel/vulnerabilities/id/908df18e-7178-4d40-becb-86e1a714a7da?source=cve(security@wordfence.com)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.