Q1 What is this vulnerability? (Essence + Consequences)
**Essence**: SQL Injection in WordPress Plugin HTML5 Video Player. **Consequences**: Attackers can manipulate database queries via the `id` parameter in the `get_view` function.…
**Root Cause**: **CWE-89** (SQL Injection). **Flaw**: The `id` parameter in the `get_view` function is not properly sanitized. It allows raw SQL code injection directly into the database query.
Q3 Who is affected? (Versions/Components)
**Affected**: WordPress Plugin **HTML5 Video Player**. **Versions**: All versions **prior to 2.5.25**. **Safe**: Version 2.5.25 and above are patched.
Q4 What can hackers do? (Privileges/Data)
**Hackers Can**: Execute arbitrary SQL commands. **Impact**: Access sensitive database data (users, configs), modify data, or potentially escalate privileges to control the underlying server.
Q5 Is exploitation threshold high? (Auth/Config)
**Threshold**: **LOW**. **Auth**: **Unauthenticated**. No login required. **Config**: Exploitable via the `id` parameter in `get_view`. Easy to trigger remotely.
Q6 Is there a public Exp? (PoC/Wild Exploitation)
**Public Exp?**: **YES**. **PoC**: Available via ProjectDiscovery Nuclei templates. **Wild Exp**: High risk of automated scanning and exploitation due to public availability.
Q7 How to self-check? (Features/Scanning)
**Self-Check**: Scan for **HTML5 Video Player** plugin. **Test**: Check if version < 2.5.25. **Tool**: Use Nuclei templates or manual SQLi testing on the `get_view` endpoint with the `id` parameter.
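The version check from Q7, as an added example that is not part of the original page or the plugin's code: it reads the `Version:` field from a plugin header and compares it numerically against 2.5.25, because a plain string comparison would rank 2.5.9 above 2.5.25. The sample headers and all function names are constructed for illustration.

```python
import re

# First patched release, taken from the advisory text above.
FIXED = (2, 5, 25)

# WordPress reads "Version:" from the header comment of the plugin's main PHP file.
HEADER_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.IGNORECASE | re.MULTILINE)

# Constructed sample headers (not copied from the real plugin).
OLD_HEADER = "<?php\n/*\n * Plugin Name: HTML5 Video Player\n * Version: 2.5.9\n */\n"
NEW_HEADER = "<?php\n/*\n * Plugin Name: HTML5 Video Player\n * Version: 2.5.25\n */\n"


def parse_version(text):
    """Turn '2.5.9' into (2, 5, 9); return None if a component is not numeric."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def plugin_version(header_text):
    """Extract the declared version tuple from a plugin header, or None."""
    match = HEADER_RE.search(header_text)
    return parse_version(match.group(1)) if match else None


def is_vulnerable(header_text):
    """True if below the fixed release, False if patched, None if the
    version cannot be determined (review that install by hand)."""
    version = plugin_version(header_text)
    if version is None:
        return None
    # Pad to equal length so that 2.5 is compared as 2.5.0.
    width = max(len(version), len(FIXED))
    padded = version + (0,) * (width - len(version))
    fixed = FIXED + (0,) * (width - len(FIXED))
    return padded < fixed


if __name__ == "__main__":
    for name, header in (("old", OLD_HEADER), ("new", NEW_HEADER)):
        print(name, plugin_version(header), "vulnerable:", is_vulnerable(header))
```
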
Q8 Is it fixed officially? (Patch/Mitigation)
**Fixed?**: **YES**. **Patch**: Update plugin to **v2.5.25** or later. **Action**: Immediate update recommended by the vendor.
Q9 What if no patch? (Workaround)
**No Patch?**: Disable the plugin if possible. **Mitigation**: Implement WAF rules to block SQL injection patterns in the `id` parameter. **Restrict**: Limit access to the `get_view` endpoint if feasible.
Q10 Is it urgent? (Priority Suggestion)
**Urgency**: **HIGH**. **Priority**: Critical. Unauthenticated SQLi is severe. **Action**: Patch immediately. CVSS Score indicates High Confidentiality impact.