3 matches found
CVE-2019-14799
The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS...
CVE-2019-14799
The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS...
CVE-2019-14799
The FV Flowplayer Video Player plugin for WordPress (versions prior to 7.3.14.727) exposes an XSS vulnerability via the unauthenticated AJAX endpoint wp-admin/admin-ajax.php, fv_wp_flowplayer_email_signup. An attacker can submit crafted data to the email parameter (e.g., via list=1 and email fiel...