Flash & HTML5 Video

bPlugins

Developer

2.7.2

Latest version

20,000

Installations

Nov 3, 2025

Last updated

WordPress Plugin

Active VDP

Report vulnerability

Vulnerabilities

Security Policy

Security Contributors

Vulnerability history

0 present

7 fixed

5 Mitigation rules

Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via heading Parameter vulnerability
<= 2.5.35
Jan 13, 2025
Missing Authorization in multiple functions via h5vp_ajax_handler vulnerability
<= 2.5.32
Sep 11, 2024
Missing Authorization to Authenticated (Subscriber+) Limited Options Update vulnerability
<= 2.5.34
Sep 11, 2024
Sensitive Data Exposure vulnerability
<= 2.5.31
Aug 16, 2024
Broken Access Control vulnerability
<= 2.5.30
Aug 16, 2024
Unauthenticated SQLi vulnerability
< 2.5.27
May 31, 2024
Unauthenticated SQL Injection vulnerability
< 2.5.25
Jan 31, 2024