WordPress Plugin Vulnerabilities

FV Flowplayer Video Player < 7.2.1.727 - Authenticated Cross-Site Scripting (XSS)

Description

The FV Flowplayer Video Player WordPress plugin was affected by an Authenticated Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
fv-wordpress-flowplayer
Fixed in 7.2.1.727

References

URL
https://packetstormsecurity.com/files/#149466/
URL
https://plugins.trac.wordpress.org/changeset/1944220/fv-wordpress-flowplayer

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher
Janek Vind "waraxe"
Submitter
Ryan Dewhurst
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
4db87ba4-6e12-4cb4-b3da-bb5e29b6c908

Timeline

Publicly Published
2018-09-21 (about 7 years ago)
Added
2018-09-24 (about 7 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2023-04-26
Title
SEO ALert <= 1.59 - Admin+ Stored XSS
Published
2022-11-30
Title
Paytium < 4.3.7 - Admin+ Stored XSS
Published
2024-06-22
Title
WordPress Plugin Tournamatch < 4.6.1 - Admin+ Stored XSS via Ladders
Published
2025-10-01
Title
NEX-Forms LITE < 8.2 - Unauthenticated Stored Cross-Site Scripting
Published
2025-07-15
Title
Affiliate Reviews < 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via numColumns Parameter