CVE-2024-7727

Name of the Vulnerable Software and Affected Versions HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress versions up to, and including, 2.5.32

Description The issue is related to unauthorized access of data due to a missing capability check on multiple functions called via the 'h5vp ajax handler' ajax action. This allows unauthenticated attackers to manipulate data by calling these functions.

Recommendations For versions up to, and including, 2.5.32, consider disabling the 'h5vp ajax handler' ajax action until a patch is available to prevent unauthorized access and data manipulation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.