Critical Vulnerabilities affecting WordPress (CVE-2024-5522, CVE-2024-5150, CVE-2024-3412)

Advisory No: TZCERT/SA/2024/05/31-1

Date of First Release: 31st May 2024

Source: Wordfence

Software Affected: html5-video-player, login-with-phone-number, wp-staging


WordPress is affected by three critical vulnerabilities. Attackers can leverage them to take control of the affected system.


Three WordPress plugins, namely html5-video-player, login-with-phone-number and wp-staging, are affected by the vulnerabilities tracked as CVE-2024-5522, CVE-2024-5150 and CVE-2024-3412 respectively. Reasons for the flaws include insufficient escaping and validation of user-supplied data. Attackers can exploit the vulnerabilities to gain access to the vulnerable system and to sensitive information.


Successful exploitation of these vulnerabilities may allow an attacker to take control of the vulnerable system.


WordPress has released security patches for these vulnerabilities. Users and administrators are encouraged to apply necessary updates.
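To find out whether a site carries any of the three plugins before updating, the following added example (not part of the original advisory or of Wordfence's material) inventories a WordPress installation for the slugs listed above and reports each installed version. It assumes the standard `wp-content/plugins/<slug>/` layout and the usual `Plugin Name:` / `Version:` header in the plugin's main PHP file; the fixed versions are not stated on this page and must be taken from the linked Wordfence entries.

```python
import re
import sys
from pathlib import Path

# Plugin slugs and CVE ids exactly as listed in the advisory.
AFFECTED = {
    "html5-video-player": "CVE-2024-5522",
    "login-with-phone-number": "CVE-2024-5150",
    "wp-staging": "CVE-2024-3412",
}

# WordPress reads plugin metadata from a comment header in the main PHP file.
NAME_RE = re.compile(r"^[ \t/*#@]*Plugin Name:", re.IGNORECASE | re.MULTILINE)
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.IGNORECASE | re.MULTILINE)


def plugin_version(plugin_dir):
    """Return the Version header from the plugin's main file, or None."""
    for php in sorted(plugin_dir.glob("*.php")):
        # WordPress only inspects the first 8 KB of a file for headers.
        head = php.read_text(encoding="utf-8", errors="replace")[:8192]
        if NAME_RE.search(head):
            match = VERSION_RE.search(head)
            return match.group(1) if match else None
    return None


def find_affected(wp_root):
    """List (slug, cve, version) for advisory plugins present under wp_root."""
    plugins = Path(wp_root) / "wp-content" / "plugins"
    found = []
    for slug, cve in AFFECTED.items():
        plugin_dir = plugins / slug
        if plugin_dir.is_dir():
            found.append((slug, cve, plugin_version(plugin_dir) or "unknown"))
    return found


if __name__ == "__main__":
    # Usage: python check_plugins.py /path/to/wordpress  (script name is hypothetical)
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    hits = find_affected(root)
    for slug, cve, version in hits:
        print(f"{slug} {version} installed: compare with the fixed version for {cve}")
    sys.exit(1 if hits else 0)
```

A non-zero exit status means at least one listed plugin is present, which makes the script usable in a scheduled check across several sites.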


  1. https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/html5-video-player/html5-video-player-2526-unauthenticated-sql-injection
  2. https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/login-with-phone-number/login-with-phone-number-1726-authentication-bypass-due-to-missing-empty-value-check
  3. https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-staging/wp-staging-wordpress-backup-plugin-migration-backup-restore-343-authenticated-admin-arbitrary-file-upload
