64 matches found
WordPress FV Flowplayer Video Player Plugin <= 7.5.43.7212 is vulnerable to Server Side Request Forgery (SSRF)
Software FV Flowplayer Video Player Type Plugin Vulnerable versions = 7.5.43.7212 Fixed in 7.5.45.7212 OWASP Top 10 A10: Server-Side Request Forgery SSRF Classification Server Side Request Forgery SSRF CVE CVE-2024-32955 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID...
WordPress FV Flowplayer Video Player Plugin <= 7.5.41.7212 is vulnerable to Cross Site Scripting (XSS)
Software FV Flowplayer Video Player Type Plugin Vulnerable versions = 7.5.41.7212 Fixed in 7.5.44.7212 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-22299 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8f54d6f5d663 Credits Rafie...
PT-2024-19320 · Unknown · Fv Flowplayer Video Player
Name of the Vulnerable Software and Affected Versions: FV Flowplayer Video Player versions n/a through 7.5.41.7212 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows Reflected XSS. Recommendations: For...
CVE-2024-29122
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Foliovision: Making the web work for you FV Flowplayer Video Player allows Stored XSS.This issue affects FV Flowplayer Video Player: from n/a through 7.5.41.7212...
WordPress Plugin FV Flowplayer Video Player Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
WordPress FV Flowplayer Video Player Plugin <= 7.5.41.7212 is vulnerable to Cross Site Scripting (XSS)
Software FV Flowplayer Video Player Type Plugin Vulnerable versions = 7.5.41.7212 Fixed in 7.5.44.7212 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29122 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c4975faa05b5 Credits Byeongjun Jo...
WordPress FV Flowplayer Video Player Plugin <= 7.5.37.7212 is vulnerable to Cross Site Scripting (XSS)
Software FV Flowplayer Video Player Type Plugin Vulnerable versions = 7.5.37.7212 Fixed in 7.5.39.7212 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4520 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d232095d565d...
Cross site scripting
Unauth. Reflected Cross-Site Scripting XSS vulnerability in FolioVision FV Flowplayer Video Player plugin = 7.5.32.7212 versions...
CVE-2023-30499
CVE-2023-30499 refers to an unauthenticated, reflected Cross-Site Scripting (XSS) vulnerability in the FolioVision FV Flowplayer Video Player plugin for WordPress, affected versions
WordPress FV Flowplayer Video Player Plugin <= 7.5.32.7212 is vulnerable to Cross Site Scripting (XSS)
Software FV Flowplayer Video Player Type Plugin Vulnerable versions = 7.5.32.7212 Fixed in 7.5.35.7212 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-30499 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 08f2f9dc3464...
CVE-2023-25066
Cross-Site Request Forgery CSRF vulnerability in FolioVision FV Flowplayer Video Player plugin = 7.5.30.7212 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in FolioVision FV Flowplayer Video Player plugin = 7.5.30.7212 versions...
CVE-2023-25066 WordPress FV Flowplayer Video Player Plugin <= 7.5.30.7212 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in FolioVision FV Flowplayer Video Player plugin = 7.5.30.7212 versions...
CVE-2022-3984
The Flowplayer Video Player WordPress plugin before 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...
CVE-2022-3984 Flowplayer Video Player < 1.0.5 - Contributor+ Stored XSS
The Flowplayer Video Player WordPress plugin before 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...
CVE-2022-3984 Flowplayer Video Player < 1.0.5 - Contributor+ Stored XSS
The Flowplayer Video Player WordPress plugin before 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...
CVE-2022-3984
CVE-2022-3984 concerns the Flowplayer Video Player WordPress plugin, affected versions prior to 1.0.5. The root cause is failure to validate and escape certain shortcode attributes before output, enabling Stored XSS by users with as low as Contributor. The compromise vector is via crafted shortco...
WordPress Flowplayer Video Player plugin <= 1.0.4 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Lana Codes in WordPress Flowplayer Video Player plugin versions = 1.0.4. Solution Update the WordPress Flowplayer Video Player plugin to the latest available version at least 1.0.5...
CVE-2022-25613
Summary : CVE-2022-25613 is an authenticated persistent Cross-Site Scripting (XSS) vulnerability in the WordPress FV Flowplayer Video Player plugin (versions
WordPress FV Flowplayer Video Player plugin SQL injection vulnerability
WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is an application plugin for WordPress. WordPress FV Flowplayer Video Player plugin version 7.5.15.727 and earlier versions are vulnerable to SQL injection. The vulnerability...