Fv Flowplayer Video Player Security Vulnerabilities and Issues — Fv Flowplayer Video Player CVE List

Lucene search

FoliovisionFv Flowplayer Video Player

4 matches found

CVE•added 2021/01/15 5:15 p.m.•65 views

CVE-2020-35748

Cross-site scripting (XSS) vulnerability in models/list-table.php in the FV Flowplayer Video Player plugin before 7.4.37.727 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the fv_wp_fvvideoplayer_src JSON field in the data parameter.

5.4CVSS5.1AI score0.00122EPSS

CVE•added 2022/04/04 8:15 p.m.•64 views

CVE-2022-25613

Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in FV Flowplayer Video Player (WordPress plugin) versions

5.4CVSS4.7AI score0.0017EPSS

CVE•added 2022/12/19 2:15 p.m.•59 views

CVE-2022-3984

The Flowplayer Video Player WordPress plugin before 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks

5.4CVSS5.3AI score0.00103EPSS

CVE•added 2019/08/15 3:15 p.m.•40 views

CVE-2019-14800

The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows guests to obtain the email subscription list in CSV format via the wp-admin/admin-post.php?page=fvplayer&fv-email-export=1 URI.

5.3CVSS5.2AI score0.00249EPSS