WordPress Plugin Vulnerabilities
FV Flowplayer Video Player < 7.4.38.727 - Authenticated Stored Cross-Site Scripting (XSS)
Description
The plugin did not sanitise the fv_wp_fvvideoplayer_src parameter when creating or editing the video player, which will then be triggered when viewing the table of players in the admin dashboard
Affects Plugins
References
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Arcangelo Saracino
Verified
No
WPVDB ID
Timeline
Publicly Published
2021-01-15 (about 3 years ago)
Added
2021-01-15 (about 3 years ago)
Last Updated
2021-01-16 (about 3 years ago)