CVE-2026-57323
Deferred Deferred - Pending Action

Unauthenticated Broken Access Control in Flash & HTML5 Video

Vulnerability report for CVE-2026-57323, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: Patchstack

Description

Unauthenticated Broken Access Control in Flash & HTML5 Video <= 2.11.0 versions.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-26
Last Modified
2026-06-26
Generated
2026-07-16
AI Q&A
2026-06-26
EPSS Evaluated
2026-07-15
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
patchstack flash_html5_video_plugin to 2.11.0 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The WordPress Flash & HTML5 Video Plugin, versions 2.11.0 and below, contains a Broken Access Control vulnerability identified as CVE-2026-57323.

This vulnerability allows unauthenticated users to perform actions that normally require higher privileges because of missing authorization, authentication, or nonce token checks.

It means that attackers who are not logged in can exploit this flaw to bypass security controls and access or manipulate restricted functionality.

Detection Guidance

The vulnerability in the WordPress Flash & HTML5 Video Plugin versions 2.11.0 and below allows unauthenticated users to perform privileged actions due to broken access control.

To detect this vulnerability on your system or network, you should first identify if the vulnerable plugin version is installed on your WordPress site.

Since the vulnerability involves missing authorization and authentication checks, detection typically involves checking the plugin version and monitoring for unauthorized access attempts.

  • Check the installed plugin version via WordPress admin dashboard or by running a command to list plugin versions, for example:
  • Using WP-CLI: wp plugin list | grep flash-html5-video
  • Look for version 2.11.0 or below, which is vulnerable.
  • Monitor web server logs for suspicious unauthenticated requests attempting to access privileged plugin functions.
  • Use network monitoring tools or web application firewalls (WAF) with rules to detect or block exploitation attempts.

Patchstack provides a mitigation rule to block attacks until the plugin is updated, which can help in detection and prevention.

Impact Analysis

This vulnerability has a moderate severity with a CVSS score of 5.8, indicating a significant risk.

Exploitation can allow unauthenticated attackers to perform privileged actions on affected websites, potentially compromising site integrity or functionality.

Because it can be exploited in mass campaigns targeting thousands of websites, it poses a widespread threat to users running vulnerable versions of the plugin.

Immediate action such as updating the plugin to version 2.11.1 or later, applying mitigation rules, or enabling auto-updates is advised to reduce risk.

Compliance Impact

The provided information does not specify how the Broken Access Control vulnerability in the Flash & HTML5 Video Plugin affects compliance with common standards and regulations such as GDPR or HIPAA.

Mitigation Strategies

The immediate step to mitigate this vulnerability is to update the WordPress Flash & HTML5 Video Plugin to version 2.11.1 or later.

If updating is not possible, you should seek assistance from your hosting provider or a web developer.

Additionally, Patchstack offers a mitigation rule that can be applied to block attacks until the update is applied.

Enabling auto-updates for vulnerable plugins is also recommended to prevent exploitation.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57323. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart