{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-32537", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2024-04-15T09:13:46.576Z", "datePublished": "2026-03-20T09:09:46.014Z", "dateUpdated": "2026-03-20T09:09:46.014Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-03-20T09:09:46.014Z"}, "title": "WordPress Flash Video Player plugin <= 5.0.4 - CSRF to XSS vulnerability", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-352", "description": "CWE-352 Cross-Site request forgery (CSRF)", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-62", "descriptions": [{"lang": "en", "value": "CAPEC-62 Cross Site Request Forgery"}]}], "affected": [{"vendor": "joshuae1974", "product": "Flash Video Player", "collectionURL": "https://wordpress.org/plugins", "packageName": "flash-video-player", "versions": [{"status": "affected", "version": "n/a", "lessThanOrEqual": "5.0.4", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Cross-Site request forgery (CSRF) vulnerability in joshuae1974 Flash Video Player allows Cross Site Request Forgery.This issue affects Flash Video Player: from n/a through 5.0.4.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Cross-Site request forgery (CSRF) vulnerability in joshuae1974 Flash Video Player allows Cross Site Request Forgery.<p>This issue affects Flash Video Player: from n/a through 5.0.4.</p>"}]}], "tags": ["x_open-source", "unsupported-when-assigned"], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/flash-video-player/vulnerability/wordpress-flash-video-player-plugin-5-0-4-csrf-to-xss-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseSeverity": "HIGH", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"}}], "credits": [{"lang": "en", "value": "Dimas Maulana | Patchstack Bug Bounty Program", "user": "00000000-0000-4000-9000-000000000000", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}}}

{}

{"cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "Cross-Site request forgery (CSRF) vulnerability in joshuae1974 Flash Video Player allows Cross Site Request Forgery.This issue affects Flash Video Player: from n/a through 5.0.4."}], "id": "CVE-2024-32537", "lastModified": "2026-03-20T10:16:18.073", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.7, "source": "[email protected]", "type": "Secondary"}]}, "published": "2026-03-20T10:16:18.073", "references": [{"source": "[email protected]", "url": "https://patchstack.com/database/wordpress/plugin/flash-video-player/vulnerability/wordpress-flash-video-player-plugin-5-0-4-csrf-to-xss-vulnerability?_s_id=cve"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "[email protected]", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-03-20T10:50:38.182128+00:00", "value": {"mitigation_remediation": ["Update Flash Video Player to a version newer than 5.0.4 once available", "If an update is not yet released, consider temporarily disabling or removing the plugin until a patch is available", "Restrict plugin usage permissions to administrators only"], "summary": {"action": "Apply Patch", "impact": "Cross\u2011Site Request Forgery"}, "threat_synthesis": {"affected_systems": "The plugin joshuae1974 Flash Video Player for WordPress is affected in all released versions up to and including 5.0.4; newer releases are not reported to be vulnerable.", "description_and_impact": "Cross\u2011Site Request Forgery (CWE\u2011352) in the WordPress Flash Video Player plugin allows an attacker to perform actions on the website on behalf of an authenticated user, potentially enabling the injection or modification of site content that could lead to cross\u2011site scripting or other integrity\u2011related issues.", "risk_and_exploitability": "The CVSS base score of 7.1 indicates high severity. No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog, but the lack of exploit probability data does not reduce the risk to WordPress sites running the affected plugin. The attack vector is web\u2011based, requiring the victim to be an authenticated user or to be lured into visiting a crafted URL that triggers the forged request, potentially granting the attacker the privileges of that user and allowing malicious content injection."}}}}, "created": "2026-03-20T11:05:23.334940+00:00", "updated": "2026-03-20T11:05:23.334964+00:00", "vendors": []}