What is CVE-2024-5522?

CVE-2024-5522 is a vulnerability in Html5 Video Player, classified under CWE-89 SQL INJECTION. Published 2024-06-20.

Is CVE-2024-5522 known to be exploited?

8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Html5 Video Player

CVE-2024-5522

The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks

EPSS: 0.838 (99.3th percentile) — read the EPSS interpretation.

Affected products

Unknown Html5 Video Player — versions 0

Public proof-of-concept exploits

geniuszly/CVE-2024-5522
kryptonproject/CVE-2024-5522-PoC
nak000/CVE-2024-5522-Poc
nomi-sec/PoC-in-GitHub
geniuszlyy/CVE-2024-5522
truonghuuphuc/Poc
truonghuuphuc/CVE-2024-5522-Poc
mdismail-cse/Poc

References

wpscan.com/vulnerability/bc76ef95-a2a9-4185-8ed9-1059097a506a/ (exploit, vdb-entry, technical-description)

Frequently asked questions

What is CVE-2024-5522?: CVE-2024-5522 is a vulnerability in Html5 Video Player, classified under CWE-89 SQL INJECTION. Published 2024-06-20.
Is CVE-2024-5522 known to be exploited?: 8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.