9 matches found
CVE-2026-7556
The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment text in all versions up to, and including, 7.5.49.7212 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2026-7556
The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment text in all versions up to, and including, 7.5.49.7212 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2026-7556 FV Flowplayer Video Player <= 7.5.49.7212 - Unauthenticated Stored Cross-Site Scripting via Comment Text
The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment text in all versions up to, and including, 7.5.49.7212 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2026-7556 FV Flowplayer Video Player <= 7.5.49.7212 - Unauthenticated Stored Cross-Site Scripting via Comment Text
The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment text in all versions up to, and including, 7.5.49.7212 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2026-7556
The FV Flowplayer Video Player plugin for WordPress is affected by a Stored Cross-Site Scripting (XSS) vulnerability in all versions up to 7.5.49.7212. The issue arises from insufficient input sanitization and output escaping in comment text, allowing unauthenticated attackers to inject web scrip...
CVE-2026-7556
The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment text in all versions up to, and including, 7.5.49.7212 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
EUVD-2026-35292
The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment text in all versions up to, and including, 7.5.49.7212 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
PT-2026-47635
Name of the Vulnerable Software and Affected Versions FV Flowplayer Video Player versions prior to 7.5.49.7213 Description The FV Flowplayer Video Player plugin for WordPress contains a Stored Cross-Site Scripting issue caused by insufficient input sanitization and output escaping of comment text...
PT-2024-39044 · WordPress · Affiliate Super Assistent
Name of the Vulnerable Software and Affected Versions: The Affiliate Super Assistent plugin for WordPress versions up to, and including, 1.5.3 Description: The issue is due to the software allowing users to supply arbitrary shortcodes in comments when the 'Parse comments' option is enabled. This...