292 matches found
FV Flowplayer Video Player WordPress plugin - Authenticated Cross-Site Scripting
The FV Flowplayer Video Player WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the playerid parameter found in the /view/stats.php file which allows attackers to inject arbitrary web scripts in versions 7.5.0.727 - 7.5.2.727. id: CVE-2021-39350 info: name: FV Flowplayer Video...
CVE-2026-49773
Subscriber Cross Site Scripting XSS in FV Flowplayer Video Player 7.5.51.7212 versions...
EUVD-2026-36894
Subscriber Cross Site Scripting XSS in FV Flowplayer Video Player 7.5.51.7212 versions...
CVE-2026-49773 WordPress FV Flowplayer Video Player plugin < 7.5.51.7212 - Cross Site Scripting (XSS) vulnerability
Subscriber Cross Site Scripting XSS in FV Flowplayer Video Player 7.5.51.7212 versions...
CVE-2026-49773 WordPress FV Flowplayer Video Player plugin < 7.5.51.7212 - Cross Site Scripting (XSS) vulnerability
Subscriber Cross Site Scripting XSS in FV Flowplayer Video Player 7.5.51.7212 versions...
CVE-2026-49773
CVE-2026-49773 refers to a Cross Site Scripting (XSS) vulnerability in WordPress FV Flowplayer Video Player plugin versions earlier than 7.5.51.7212. The vulnerability is described as a Subscriber XSS issue; CVSS v3.1 base score is 6.5 (MEDIUM) with network attack vector, required user interactio...
PT-2026-49344
Name of the Vulnerable Software and Affected Versions FV Flowplayer Video Player versions prior to 7.5.51.7212 Description Cross Site Scripting XSS is possible for users with the Subscriber role. This issue allows an attacker to inject malicious scripts into web pages viewed by other users...
CVE-2026-7556
The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment text in all versions up to, and including, 7.5.49.7212 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
WordPress FV Flowplayer Video Player plugin <= 7.5.49.7212 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin FV Flowplayer Video Player versions = 7.5.49.7212...
CVE-2026-7556
The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment text in all versions up to, and including, 7.5.49.7212 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2026-7556 FV Flowplayer Video Player <= 7.5.49.7212 - Unauthenticated Stored Cross-Site Scripting via Comment Text
The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment text in all versions up to, and including, 7.5.49.7212 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
EUVD-2026-35292
The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment text in all versions up to, and including, 7.5.49.7212 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2026-7556
The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment text in all versions up to, and including, 7.5.49.7212 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2026-7556
The FV Flowplayer Video Player plugin for WordPress is affected by a Stored Cross-Site Scripting (XSS) vulnerability in all versions up to 7.5.49.7212. The issue arises from insufficient input sanitization and output escaping in comment text, allowing unauthenticated attackers to inject web scrip...
CVE-2026-7556 FV Flowplayer Video Player <= 7.5.49.7212 - Unauthenticated Stored Cross-Site Scripting via Comment Text
The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment text in all versions up to, and including, 7.5.49.7212 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
PT-2026-47635
Name of the Vulnerable Software and Affected Versions FV Flowplayer Video Player versions prior to 7.5.49.7213 Description The FV Flowplayer Video Player plugin for WordPress contains a Stored Cross-Site Scripting issue caused by insufficient input sanitization and output escaping of comment text...
WordPress plugin FV Flowplayer Video Player 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress FV Flowplayer Video Player plugin < 7.5.51.7212 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Jakub Herman in WordPress Plugin FV Flowplayer Video Player versions 7.5.51.7212...
CVE-2023-25066
Cross-Site Request Forgery CSRF vulnerability in FolioVision FV Flowplayer Video Player plugin = 7.5.30.7212 versions...
CVE-2023-4520
The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘fvplayeruservideo’ parameter saved via the 'save' function hooked via init, and the plugin is also vulnerable to Arbitrary Usermeta Update via the 'save' function in versions up to, and...