Vulnerabilities and security researches forpresto-player presto-player

Jun 07, 2024

CVE, Research URL: CVE-2024-2428
Home page URL: Security reports for The Ultimate Video Player For WordPress – by Presto Player
Application: The Ultimate Video Player For WordPress – by Presto Player
Date: Apr 10, 2024
Research Description: The Ultimate Video Player For WordPress WordPress plugin before 2.2.3 does not have proper capability check when updating its settings via a REST route, allowing Contributor and above users to update them. Furthermore, due to the lack of escaping in one of the settings, this also allows them to perform Stored XSS attacks
Affected versions: max 2.2.3.
Status: vulnerable

Aug 20, 2024

CVE, Research URL: CVE-2024-43285
Home page URL: Security reports for The Ultimate Video Player For WordPress – by Presto Player
Application: The Ultimate Video Player For WordPress – by Presto Player
Date: Nov 01, 2024
Research Description: Missing Authorization vulnerability in Presto Made, Inc Presto Player allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Presto Player: from n/a through 3.0.2.
Affected versions: max 3.0.3.
Status: vulnerable

May 19, 2026

CVE, Research URL: CVE-2026-45442
Home page URL: Security reports for The Ultimate Video Player For WordPress – by Presto Player
Application: The Ultimate Video Player For WordPress – by Presto Player
Date: May 19, 2026
Research Description: Missing Authorization vulnerability in Brainstorm Force Presto Player allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Presto Player: from n/a through 4.1.3.
Affected versions: max 4.1.4.
Status: vulnerable