CVE-2024-32537
Received Received - Intake
CSRF Vulnerability in Joshuae1974 Flash Video Player

Publication date: 2026-03-20

Last updated on: 2026-03-20

Assigner: Patchstack

Description
Cross-Site request forgery (CSRF) vulnerability in joshuae1974 Flash Video Player allows Cross Site Request Forgery.This issue affects Flash Video Player: from n/a through 5.0.4.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-20
Last Modified
2026-03-20
Generated
2026-06-16
AI Q&A
2026-03-20
EPSS Evaluated
2026-06-15
NVD
CVE-2024-32537
EUVD
EUVD-2024-30339
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
joshuae1974 flash_video_player to 5.0.4 (inc)
patchstack flash_video_player From 5.0.0 (inc) to 5.0.4 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2024-32537 is a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Flash Video Player Plugin versions up to and including 5.0.4.

This vulnerability allows attackers to trick privileged users into executing unwanted actions while authenticated by methods such as clicking malicious links, visiting crafted pages, or submitting forms.

Although the attacker does not need to be authenticated, successful exploitation requires interaction from a privileged user.

The vulnerability is classified under OWASP Top 10 A5: Broken Access Control and has a CVSS severity score of 7.1, indicating a moderate risk level.

Impact Analysis

This vulnerability can impact you by allowing attackers to perform unauthorized actions on your website or application through the Flash Video Player plugin if a privileged user is tricked into interacting with malicious content.

Such unauthorized actions could lead to compromised integrity, availability, and confidentiality of your system as indicated by the CVSS vector (C:L/I:L/A:L).

However, the risk is considered moderate and exploitation is unlikely, and no official patch is currently available.

Mitigation rules are available to block attacks exploiting this vulnerability until a patch is released.

Compliance Impact

I don't know

Detection Guidance

There is no specific information provided about detection methods or commands to identify this vulnerability on your network or system.

Mitigation Strategies

Since no official patch is currently available for this vulnerability, immediate mitigation involves applying the mitigation rule issued by Patchstack to block attacks exploiting this vulnerability.

Users are also advised to update the Flash Video Player plugin when a patch becomes available or seek assistance from their hosting provider or web developer.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-32537. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart