cvebase

Foliovision Fv Flowplayer Video Player vulnerabilities

19 known vulnerabilities affecting foliovision/fv_flowplayer_video_player.

Total CVEs: 19
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 5, MEDIUM 12

Vulnerabilities

CVE-2019-13573 | P2 | CRITICAL | CVSS 9.8 | fixed in 7.3.19.727 | 2019-07-17
CWE-89: A SQL injection vulnerability exists in the FolioVision FV Flowplayer Video Player plugin before 7.3.19.727 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.
Source: NVD

CVE-2021-39350 | P3 | MEDIUM | CVSS 6.1 | PoC | ≥ 7.5.0.727, ≤ 7.5.2.727 | 2021-10-06
CWE-79: The FV Flowplayer Video Player WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the player_id parameter found in the ~/view/stats.php file which allows attackers to inject arbitrary web scripts, in versions 7.5.0.727 - 7.5.2.727.
Source: NVD

CVE-2019-14801 | P3 | CRITICAL | CVSS 9.8 | fixed in 7.3.15.727 | 2019-08-09
CWE-89: The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows email subscription SQL injection.
Source: NVD

CVE-2024-6338 | P3 | HIGH | CVSS 8.8 | fixed in 7.5.47.7212 | ≤ 7.5.46.7212 | 2024-07-19
CWE-89: The FV Flowplayer Video Player plugin for WordPress is vulnerable to time-based SQL Injection via the ‘exclude’ parameter in all versions up to, and including, 7.5.46.7212 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subsc
Source: NVD

CVE-2026-7556 | P3 | HIGH | CVSS 7.2 | ≤ 7.5.49.7212 | 2026-06-09
CWE-79: The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment text in all versions up to, and including, 7.5.49.7212 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user
Source: NVD

CVE-2022-25607 | P3 | HIGH | CVSS 7.2 | ≤ 7.5.15.727 | 2022-03-18
CWE-89: Authenticated (author or higher user role) SQL Injection (SQLi) vulnerability discovered in FV Flowplayer Video Player WordPress plugin (versions <= 7.5.15.727).
Source: NVD

CVE-2023-25066 | P4 | HIGH | CVSS 8.8 | ≤ 7.5.30.7212 | ≥ n/a, ≤ 7.5.30.7212 | 2023-02-14
CWE-352: Cross-Site Request Forgery (CSRF) vulnerability in FolioVision FV Flowplayer Video Player plugin <= 7.5.30.7212 versions.
Source: NVD

CVE-2024-5020 | P4 | MEDIUM | CVSS 6.4 | ≤ 7.5.47.7212 | 2024-12-04
CWE-79: Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library (versions 1.3.4 to 3.5.7) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and abov
Source: NVD

CVE-2019-14799 | P4 | MEDIUM | CVSS 6.1 | fixed in 7.3.14.727 | 2019-08-09
CWE-79: The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS.
Source: NVD

CVE-2026-49773 | P4 | MEDIUM | CVSS 6.5 | ≥ n/a, < 7.5.51.7212 | 2026-06-15
CWE-79: Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < 7.5.51.7212 versions.
Source: NVD

CVE-2019-14800 | P4 | MEDIUM | CVSS 5.3 | fixed in 7.3.15.727 | 2019-08-15
CWE-200: The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows guests to obtain the email subscription list in CSV format via the wp-admin/admin-post.php?page=fvplayer&fv-email-export=1 URI.
Source: NVD

CVE-2024-35631 | P4 | HIGH | CVSS 7.1 | ≥ n/a, ≤ 7.5.45.7212 | 2024-06-03
CWE-79: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Foliovision FV Flowplayer Video Player allows Reflected XSS. This issue affects FV Flowplayer Video Player: from n/a through 7.5.45.7212.
Source: NVD

CVE-2023-4520 | P4 | MEDIUM | CVSS 6.1 | ≤ 7.5.37.7212 | 2023-08-25
CWE-79: The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_fv_player_user_video’ parameter saved via the 'save' function hooked via init, and the plugin is also vulnerable to Arbitrary Usermeta Update via the 'save' function in versions up to, and including, 7.5.37.7212 due to insufficient input sanitizat
Source: NVD

CVE-2020-35748 | P4 | MEDIUM | CVSS 5.4 | fixed in 7.4.37.727 | 2021-01-15
CWE-79: Cross-site scripting (XSS) vulnerability in models/list-table.php in the FV Flowplayer Video Player plugin before 7.4.37.727 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the fv_wp_fvvideoplayer_src JSON field in the data parameter.
Source: NVD

CVE-2022-25613 | P4 | MEDIUM | CVSS 5.4 | ≤ 7.5.18.727 | 2022-04-04
CWE-79: Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in FV Flowplayer Video Player (WordPress plugin) versions <= 7.5.18.727 via &fv_wp_flowplayer_field_splash parameter.
Source: NVD

CVE-2024-32955 | P4 | MEDIUM | CVSS 4.9 | ≥ n/a, ≤ 7.5.43.7212 | 2024-04-24
CWE-918: Server-Side Request Forgery (SSRF) vulnerability in Foliovision FV Flowplayer Video Player. This issue affects FV Flowplayer Video Player: from n/a through 7.5.43.7212.
Source: NVD

CVE-2018-0642 | P4 | MEDIUM | CVSS 6.1 | ≥ 6.1.2, ≤ 6.6.4 | v6.1.2 to 6.6.4 | 2018-09-07
CWE-79: Cross-site scripting vulnerability in FV Flowplayer Video Player 6.1.2 to 6.6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Source: NVD

CVE-2023-30499 | P4 | MEDIUM | CVSS 6.1 | ≤ 7.5.32.7212 | ≥ n/a, ≤ 7.5.32.7212 | 2023-08-18
CWE-79: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FolioVision FV Flowplayer Video Player plugin <= 7.5.32.7212 versions.
Source: NVD

CVE-2024-32078 | P4 | MEDIUM | CVSS 4.1 | ≥ n/a, ≤ 7.5.44.7212 | 2024-04-24
CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Foliovision FV Flowplayer Video Player. This issue affects FV Flowplayer Video Player: from n/a through 7.5.44.7212.
Source: NVD