CVE-2022-25607 WordPress FV Flowplayer Video Player plugin <= 7.5.15.727 - SQL Injection (SQLi) vulnerability

Authenticated author or higher user role SQL Injection SQLi vulnerability discovered in FV Flowplayer Video Player WordPress plugin versions = 7.5.15.727...

CVE-2022-25607

Authenticated author or higher user role SQL Injection SQLi vulnerability discovered in FV Flowplayer Video Player WordPress plugin versions = 7.5.15.727...

WordPress FV Flowplayer Video Player plugin <= 7.5.15.727 - SQL Injection (SQLi) vulnerability

SQL Injection SQLi vulnerability discovered by Tien Nguyen Anh Patchstack Alliance in WordPress FV Flowplayer Video Player plugin versions = 7.5.15.727. Solution Update the WordPress FV Flowplayer Video Player plugin to the latest available version at least 7.5.18.727...

WordPress plugin FV Flowplayer Video Player SQL注入漏洞

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is an application plugin for WordPress. WordPress FV Flowplayer Video Player plugin version 7.5.15.727 and earlier versions are vulnerable to SQL injection. The vulnerability...

CVE-2021-39350

The FV Flowplayer Video Player WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the playerid parameter found in the /view/stats.php file which allows attackers to inject arbitrary web scripts, in versions 7.5.0.727 - 7.5.2.727...

CVE-2021-39350

The FV Flowplayer Video Player WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the playerid parameter found in the /view/stats.php file which allows attackers to inject arbitrary web scripts, in versions 7.5.0.727 - 7.5.2.727...

CVE-2021-39350 FV Flowplayer Video Player <= 7.5.0.727 - 7.5.2.727 Reflected Cross-Site Scripting

The FV Flowplayer Video Player WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the playerid parameter found in the /view/stats.php file which allows attackers to inject arbitrary web scripts, in versions 7.5.0.727 - 7.5.2.727...

CVE-2021-39350

FV Flowplayer Video Player WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the player_id parameter in ~/view/stats.php (versions 7.5.0.727–7.5.2.727). An attacker can inject arbitrary scripts. Remediation: update to version 7.5.3.727 or later.

CVE-2021-39350 FV Flowplayer Video Player <= 7.5.0.727 - 7.5.2.727 Reflected Cross-Site Scripting

The FV Flowplayer Video Player WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the playerid parameter found in the /view/stats.php file which allows attackers to inject arbitrary web scripts, in versions 7.5.0.727 - 7.5.2.727...

PT-2021-22556 · WordPress · Fv Flowplayer Video Player

Name of the Vulnerable Software and Affected Versions: FV Flowplayer Video Player WordPress plugin versions 7.5.0.727 through 7.5.2.727 Description: The issue allows attackers to inject arbitrary web scripts via the player id parameter found in the /view/stats.php file, enabling Reflected...

WordPress 插件 跨站脚本漏洞

WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress plugin FV Flowplayer video player, which stems from the playerid parameter in the /view/stats.php file being susceptible to a reflected cross-site scripting attack,...

WordPress FV Flowplayer Video Player plugin 7.5.0.727 – 7.5.2.727 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Margaux Dabert Intrinsec in WordPress FV Flowplayer Video Player plugin versions 7.5.0.727 – 7.5.2.727. Solution Update the WordPress FV Flowplayer Video Player plugin to the latest available version at least 7.5.3.727...

FV Flowplayer Video Player < 7.5.3.727 - Reflected Cross-Site Scripting

The plugin does not escape or validate the playerid parameter before outputting back in the Stats page in the admin dashboard, leading to a Reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator PoC...

FV Flowplayer Video Player < 7.5.3.727 - Reflected Cross-Site Scripting

The plugin does not escape or validate the playerid parameter before outputting back in the Stats page in the admin dashboard, leading to a Reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator...

WordPress FV Flowplayer Video Player plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.FV Flowplayer Video Player is a video player plugin used in it. relevant is a relevant content display plugin used in it. A cross-site...

CVE-2020-35748

Cross-site scripting XSS vulnerability in models/list-table.php in the FV Flowplayer Video Player plugin before 7.4.37.727 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the fvwpfvvideoplayersrc JSON field in the data parameter...

CVE-2020-35748

Cross-site scripting XSS vulnerability in models/list-table.php in the FV Flowplayer Video Player plugin before 7.4.37.727 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the fvwpfvvideoplayersrc JSON field in the data parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in models/list-table.php in the FV Flowplayer Video Player plugin before 7.4.37.727 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the fvwpfvvideoplayersrc JSON field in the data parameter...

CVE-2020-35748

Cross-site scripting XSS vulnerability in models/list-table.php in the FV Flowplayer Video Player plugin before 7.4.37.727 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the fvwpfvvideoplayersrc JSON field in the data parameter...

CVE-2020-35748

FV Flowplayer Video Player plugin for WordPress is affected by a cross-site scripting (XSS) vulnerability in models/list-table.php, fixed in versions 7.4.38.727 and later. The issue allows remote authenticated users to inject arbitrary script/HTML via the fv_wp_fvvideoplayer_src field in the data...