The FV Flowplayer Video Player plugin for WordPress is vulnerable to time-based SQL Injection via the 'exclude' parameter in all versions up to, and including, 7.5.46.7212 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query.
Title | Published | Views | Family |
---|---|---|---|
WordPress FV Flowplayer Video Player Plugin <= 7.5.46.7212 is vulnerable to SQL Injection | 19 Jul 2024 00:00 | – | patchstack |
CVE-2024-6338 FV Player <= 7.5.46.7212 - Authenticated (Subscriber+) SQL Injection via exclude Parameter | 19 Jul 2024 07:36 | – | cvelist |
CVE-2024-6338 FV Player <= 7.5.46.7212 - Authenticated (Subscriber+) SQL Injection via exclude Parameter | 19 Jul 2024 07:36 | – | vulnrichment |
CVE-2024-6338 | 19 Jul 2024 08:15 | – | nvd |
Wordfence Intelligence Weekly WordPress Vulnerability Report (July 15, 2024 to July 21, 2024) | 25 Jul 2024 14:49 | – | wordfence |
[
  {
    "vendor": "foliovision",
    "product": "FV Flowplayer Video Player",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "7.5.46.7212",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]