cleantalk
Vulnerabilities and Security Researches

The Ultimate Video Player For WordPress – by Presto Player, CVE-2024-2428

CVE, Research URL

CVE-2024-2428

Home page URL

Security reports for The Ultimate Video Player For WordPress – by Presto Player

Application

The Ultimate Video Player For WordPress – by Presto Player

Published on
Apr 10, 2024
Research Description
The Ultimate Video Player For WordPress WordPress plugin before 2.2.3 does not have proper capability check when updating its settings via a REST route, allowing Contributor and above users to update them. Furthermore, due to the lack of escaping in one of the settings, this also allows them to perform Stored XSS attacks
Affected versions
max 2.2.3.
Status
vulnerable
Previous vulnerability researches
The Ultimate Video Player For WordPress – by Presto Player (CVE-2026-45442) , May 19, 2026
The Ultimate Video Player For WordPress – by Presto Player (CVE-2024-2428) , Jun 07, 2024
The Ultimate Video Player For WordPress – by Presto Player (CVE-2024-43285) , Aug 20, 2024
New vulnerability
WordPress Infinite Scroll – Ajax Load More (CVE-2026-6495) , May 20, 2026
AI Engine (CVE-2025-8084) , May 20, 2026
AI Engine (CVE-2026-8719) , May 20, 2026
WP Document Revisions (CVE-2026-42677) , May 20, 2026
WP Photo Album Plus (CVE-2026-6379) , May 20, 2026