CVE-2024-32537
CSRF Vulnerability in Joshuae1974 Flash Video Player
Publication date: 2026-03-20
Last updated on: 2026-03-20
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| joshuae1974 | flash_video_player | to 5.0.4 (inc) |
| patchstack | flash_video_player | From 5.0.0 (inc) to 5.0.4 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2024-32537 is a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Flash Video Player Plugin versions up to and including 5.0.4.
This vulnerability allows attackers to trick privileged users into executing unwanted actions while authenticated by methods such as clicking malicious links, visiting crafted pages, or submitting forms.
Although the attacker does not need to be authenticated, successful exploitation requires interaction from a privileged user.
The vulnerability is classified under OWASP Top 10 A5: Broken Access Control and has a CVSS severity score of 7.1, indicating a moderate risk level.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to perform unauthorized actions on your website or application through the Flash Video Player plugin if a privileged user is tricked into interacting with malicious content.
Such unauthorized actions could lead to compromised integrity, availability, and confidentiality of your system as indicated by the CVSS vector (C:L/I:L/A:L).
However, the risk is considered moderate and exploitation is unlikely, and no official patch is currently available.
Mitigation rules are available to block attacks exploiting this vulnerability until a patch is released.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There is no specific information provided about detection methods or commands to identify this vulnerability on your network or system.
What immediate steps should I take to mitigate this vulnerability?
Since no official patch is currently available for this vulnerability, immediate mitigation involves applying the mitigation rule issued by Patchstack to block attacks exploiting this vulnerability.
Users are also advised to update the Flash Video Player plugin when a patch becomes available or seek assistance from their hosting provider or web developer.