Vulnerabilities > Bplugins
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-15 | CVE-2025-22787 | Missing Authorization vulnerability in Bplugins Button Block Missing Authorization vulnerability in bPlugins LLC Button Block allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Button Block: from n/a through 1.1.5. | 8.8 |
| 2025-01-09 | CVE-2025-22815 | Cross-site Scripting vulnerability in Bplugins Button Block Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins LLC Button Block allows Stored XSS.This issue affects Button Block: from n/a through 1.1.6. | 5.4 |
| 2024-12-19 | CVE-2024-12560 | Unspecified vulnerability in Bplugins Button Block The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.5 via the 'btn_block_duplicate_post' function. | 6.5 |
| 2024-11-21 | CVE-2024-10671 | Authorization Bypass Through User-Controlled Key vulnerability in Bplugins Button Block The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.4 via the [btn_block] shortcode due to insufficient restrictions on which posts can be included. | 6.5 |
| 2024-11-01 | CVE-2024-43296 | Missing Authorization vulnerability in Bplugins Html5 Video Player Missing Authorization vulnerability in bPlugins LLC Flash & HTML5 Video allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flash & HTML5 Video: from n/a through 2.5.30. | 8.8 |
| 2024-09-11 | CVE-2024-7721 | Missing Authorization vulnerability in Bplugins Html5 Video Player The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_password' function in all versions up to, and including, 2.5.34. | 4.3 |
| 2024-09-11 | CVE-2024-7727 | Missing Authorization vulnerability in Bplugins Html5 Video Player The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions called via the 'h5vp_ajax_handler' ajax action in all versions up to, and including, 2.5.32. | 5.3 |
| 2024-07-22 | CVE-2024-37445 | Unspecified vulnerability in Bplugins Html5 Audio Player Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in bPlugins Html5 Audio Player allows Stored XSS.This issue affects Html5 Audio Player: from n/a through 2.2.23. | 5.4 |
| 2024-01-31 | CVE-2024-23508 | Unspecified vulnerability in Bplugins PDF Poster Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins PDF Poster – PDF Embedder Plugin for WordPress allows Reflected XSS.This issue affects PDF Poster – PDF Embedder Plugin for WordPress: from n/a through 2.1.17. | 6.1 |
| 2024-01-30 | CVE-2024-1061 | SQL Injection vulnerability in Bplugins Html5 Video Player The 'HTML5 Video Player' WordPress Plugin, version < 2.5.25 is affected by an unauthenticated SQL injection vulnerability in the 'id' parameter in the 'get_view' function. | 9.8 |