Exploit for WordPress Plugin HTML5 Video Player < 2.5.25 - Unauthenticated SQL Injection (CVE-2024-1061)

Description:

The WordPress HTML5 Video Player plugin, in versions before 2.5.25, is affected by an unauthenticated SQL injection vulnerability in the ‘id’ parameter of the ‘get_view’ function.

Affected Products:

Proof of Concept

PoC exploits

Nuclei Template

View the template here: CVE-2024-1061.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-1061.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-1061
https://wordpress.org/plugins/html5-video-player
https://www.tenable.com/security/research/tra-2024-02