23 matches found
CVE-2025-49430
Server-Side Request Forgery SSRF vulnerability in FWDesign Ultimate Video Player fwduvp allows Server Side Request Forgery.This issue affects Ultimate Video Player: from n/a through = 10.1...
CVE-2025-49430 WordPress Ultimate Video Player Plugin <= 10.1 - Server Side Request Forgery (SSRF) Vulnerability
Server-Side Request Forgery SSRF vulnerability in FWDesign Ultimate Video Player fwduvp allows Server Side Request Forgery.This issue affects Ultimate Video Player: from n/a through = 10.1...
CVE-2025-49430
CVE-2025-49430 concerns the FWDesign Ultimate Video Player plugin for WordPress (versions through 10.1). A Server-Side Request Forgery (SSRF) vulnerability exists in the plugin, enabling an attacker to induce the server to make arbitrary requests. The issue is documented across multiple sources (...
WordPress plugin Ultimate Video Player 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...
PT-2025-36768
Name of the Vulnerable Software and Affected Versions: FWDesign Ultimate Video Player versions through 10.1 Description: A Server-Side Request Forgery SSRF vulnerability exists in FWDesign Ultimate Video Player, allowing Server Side Request Forgery. Recommendations: At the moment, there is no...
CVE-2025-49432
Missing Authorization vulnerability in FWDesign Ultimate Video Player fwduvp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Video Player: from n/a through = 10.1...
CVE-2025-49432 WordPress Ultimate Video Player Plugin <= 10.1 - Broken Access Control Vulnerability
Missing Authorization vulnerability in FWDesign Ultimate Video Player fwduvp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Video Player: from n/a through = 10.1...
CVE-2025-49432 WordPress Ultimate Video Player Plugin <= 10.1 - Broken Access Control Vulnerability
Missing Authorization vulnerability in FWDesign Ultimate Video Player fwduvp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Video Player: from n/a through = 10.1...
CVE-2025-49432
CVE-2025-49432 affects FWDesign Ultimate Video Player (WordPress plugin) up to version 10.1. Description documents a Missing Authorization vulnerability caused by incorrectly configured access control security levels, enabling unauthorized access actions. Public sources (PT-Security) indicate the...
WordPress Ultimate Video Player Plugin <= 10.1 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Anhchangmutrang in WordPress Plugin Ultimate Video Player versions = 10.1...
WordPress plugin Ultimate Video Player 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress Ultimate Video Player Plugin <= 10.1 - Server Side Request Forgery (SSRF) Vulnerability
Server Side Request Forgery SSRF Vulnerability discovered by Anhchangmutrang in WordPress Plugin Ultimate Video Player versions = 10.1...
CVE-2024-10804
The Ultimate Video Player WordPress & WooCommerce Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 10.0 via the content/downloader.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the...
CVE-2024-10804 Ultimate Video Player <= 10.0 - Unauthenticated Arbitrary File Download
The Ultimate Video Player WordPress & WooCommerce Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 10.0 via the content/downloader.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the...
CVE-2024-10804 Ultimate Video Player <= 10.0 - Unauthenticated Arbitrary File Download
The Ultimate Video Player WordPress & WooCommerce Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 10.0 via the content/downloader.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the...
WordPress plugin Ultimate Video Player 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...
WordPress Ultimate Video Player plugin <= 10.0 - Unauthenticated Arbitrary File Download vulnerability
Unauthenticated Arbitrary File Download vulnerability discovered by Tonn in WordPress Plugin Ultimate Video Player versions = 10.0...
CVE-2024-2428
The Ultimate Video Player For WordPress WordPress plugin before 2.2.3 does not have proper capability check when updating its settings via a REST route, allowing Contributor and above users to update them. Furthermore, due to the lack of escaping in one of the settings, this also allows them to...
CVE-2024-2428 The Ultimate Video Player For WordPress < 2.2.3 - Contributor+ Stored XSS
The Ultimate Video Player For WordPress WordPress plugin before 2.2.3 does not have proper capability check when updating its settings via a REST route, allowing Contributor and above users to update them. Furthermore, due to the lack of escaping in one of the settings, this also allows them to...
CVE-2024-2428 The Ultimate Video Player For WordPress < 2.2.3 - Contributor+ Stored XSS
The Ultimate Video Player For WordPress WordPress plugin before 2.2.3 does not have proper capability check when updating its settings via a REST route, allowing Contributor and above users to update them. Furthermore, due to the lack of escaping in one of the settings, this also allows them to...