ARTICLE AD BOX
Published : Sept. 11, 2024, 5:15 a.m. | 24 minutes ago
Description : The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_password' function in all versions up to, and including, 2.5.34. This makes it possible for authenticated attackers, with Subscriber-level access and above, to set any options that are not explicitly checked as false to an array, including enabling user registration if it has been disabled.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...