WordPress FV Flowplayer Video Player plugin <= 7.3.14.727 - SQL Injection (SQLi) vulnerability

SQL Injection SQLi vulnerability found in WordPress FV Flowplayer Video Player plugin versions = 7.3.14.727. Solution Update the WordPress FV Flowplayer Video Player plugin to the latest available version at least 7.3.15.727...

WordPress FV Flowplayer Video Player plugin <= 7.3.13.727 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting XSS vulnerability found in WordPress FV Flowplayer Video Player plugin versions = 7.3.13.727. Solution Update the WordPress FV Flowplayer Video Player plugin to the latest available version at least 7.3.14.727...

FV Flowplayer Video Player <= 7.3.14.727 - CSV Export

Changelog states: Security - fix for email subscription CSV export capability available to guest users...

FV Flowplayer Video Player <= 7.3.13.727 - Unauthenticated Stored XSS

The vulnerable function is exposed to unauthenticated users over wpajaxnoprivfvwpflowplayeremailsignup ajax hook. It saves anything that user provides in email POST parameter. Send POST request to wp-admin/admin-ajax.php with body content: "action=fvwpflowplayeremailsignup&list=1&[email protected]"...

FV Flowplayer Video Player <= 7.3.14.727 - SQL Injection

Changelog states: "Security - fix for SQL injection vulnerability in email subscription"...

Cross-Site Scripting (XSS)

flowplayer is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victim's browser by via the callback parameter using URL encoding. This vulnerability exists due to an incomplete fix for CVE-2013-7342...

WordPress FV Flowplayer Video Player plugin <= 7.2.0.727 - Authenticated Cross-Site Scripting (XSS) vulnerability

Authenticated Cross-Site Scripting XSS vulnerability found by Janek Vind "waraxe" in WordPress FV Flowplayer Video Player plugin versions = 7.2.0.727. Solution Update the WordPress FV Flowplayer Video Player plugin to the latest available version at least 7.2.1.727...

Wordpress plugin FV Flowplayer cross-site scripting vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the Wordpress plugin FV Flowplayer, which can be exploited by an attacker to...

WordPress FV Flowplayer 7.2.0.727 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Reflected XSS in FV Flowplayer Wordpress plugin ================================================================ Author: Janek Vind "waraxe" Date: 20. September 2018 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-107.html Target...

WordPress FV Flowplayer 7.2.0.727 Cross Site Scripting

waraxe-2018-SA107 - Reflected XSS in FV Flowplayer Wordpress plugin ================================================================================ Author: Janek Vind "waraxe" Date: 20. September 2018 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-107.html Target description: FV...

WordPress FV Flowplayer Video Player plugin <=6.6.4 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability found in WordPress FV Flowplayer Video Player plugin versions =6.6.4. Solution Update the WordPress FV Flowplayer Video Player plugin to the latest available version at least 6.6.5...

CVE-2018-0642

Cross-site scripting vulnerability in FV Flowplayer Video Player 6.1.2 to 6.6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Cross-site scripting vulnerability in FV Flowplayer Video Player 6.1.2 to 6.6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2018-0642

Cross-site scripting vulnerability in FV Flowplayer Video Player 6.1.2 to 6.6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2018-0642

Cross-site scripting vulnerability in FV Flowplayer Video Player 6.1.2 to 6.6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2018-0642

The CVE-2018-0642 entry describes a Cross-Site Scripting (XSS) vulnerability in the WordPress FV Flowplayer Video Player plugin, affected versions 6.1.2 through 6.6.4. The underlying issue is an XSS flaw that could allow an attacker to inject arbitrary script or HTML, with vectors and impact desc...

WordPress FV Flowplayer Video Player Plugin Cross-Site Scripting Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. Cross-site scripting vulnerability in the WordPress FV Flowplayer Video Player plugin can be exploited by an attacker to...

WordPress plugin "FV Flowplayer Video Player" vulnerable to cross-site scripting

Overview The WordPress plugin "FV Flowplayer Video Player" provided by Foliovision contains a cross-site scripting vulnerability CWE-79. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...

JVN#70246549: WordPress plugin "FV Flowplayer Video Player" vulnerable to cross-site scripting

The WordPress plugin "FV Flowplayer Video Player" provided by Foliovision contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the plugin Update the plugin according to the information provided by the developer...

FV Flowplayer Video Player 6.1.2-6.6.4 - Unspecified Cross-Site Scripting (XSS)

The FV Flowplayer Video Player WordPress plugin was affected by an Unspecified Cross-Site Scripting XSS security vulnerability...