Description
Cross-Site request forgery (CSRF) vulnerability in joshuae1974 Flash Video Player allows Cross Site Request Forgery.This issue affects Flash Video Player: from n/a through 5.0.4.
Published: 2026-03-20
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Cross‑Site Request Forgery
Action: Apply Patch
AI Analysis

Impact

Cross‑Site Request Forgery (CWE‑352) in the WordPress Flash Video Player plugin allows an attacker to perform actions on the website on behalf of an authenticated user, potentially enabling the injection or modification of site content that could lead to cross‑site scripting or other integrity‑related issues.

Affected Systems

The plugin joshuae1974 Flash Video Player for WordPress is affected in all released versions up to and including 5.0.4; newer releases are not reported to be vulnerable.

Risk and Exploitability

The CVSS base score of 7.1 indicates high severity. No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog, but the lack of exploit probability data does not reduce the risk to WordPress sites running the affected plugin. The attack vector is web‑based, requiring the victim to be an authenticated user or to be lured into visiting a crafted URL that triggers the forged request, potentially granting the attacker the privileges of that user and allowing malicious content injection.

Generated by OpenCVE AI on March 20, 2026 at 10:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Flash Video Player to a version newer than 5.0.4 once available
  • If an update is not yet released, consider temporarily disabling or removing the plugin until a patch is available
  • Restrict plugin usage permissions to administrators only

Generated by OpenCVE AI on March 20, 2026 at 10:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 20 Mar 2026 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Joshuae1974
Joshuae1974 flash Video Player
Wordpress
Wordpress wordpress
Vendors & Products Joshuae1974
Joshuae1974 flash Video Player
Wordpress
Wordpress wordpress

Fri, 20 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 20 Mar 2026 09:30:00 +0000

Type Values Removed Values Added
Description Cross-Site request forgery (CSRF) vulnerability in joshuae1974 Flash Video Player allows Cross Site Request Forgery.This issue affects Flash Video Player: from n/a through 5.0.4.
Title WordPress Flash Video Player plugin <= 5.0.4 - CSRF to XSS vulnerability
Weaknesses CWE-352
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}

Subscriptions

Joshuae1974 Flash Video Player
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-03-20T14:07:19.501Z

Reserved: 2024-04-15T09:13:46.576Z

Link: CVE-2024-32537

cve-icon Vulnrichment

Updated: 2026-03-20T14:07:06.238Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-20T10:16:18.073

Modified: 2026-03-20T13:37:50.737

Link: CVE-2024-32537

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-20T16:27:32Z

Weaknesses