logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

FV Flowplayer Video Player < 7.4.38.727 - Authenticated Stored Cross-Site Scripting (XSS)

Description

The plugin did not sanitise the fv_wp_fvvideoplayer_src parameter when creating or editing the video player, which will then be triggered when viewing the table of players in the admin dashboard

Affects Plugins

fv-wordpress-flowplayer

Fixed in version 7.4.38.727

References

CVE

CVE-2020-35748

URL

https://arkango.github.io/CVE-2020/CVE-2020-35748%20xss%20FV%20Flowplayer%20Video%20Player%20Wordpress%20plugin.html

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Original Researcher

Arcangelo Saracino

Verified

No

WPVDB ID

86b26cde-2b98-4596-b0bc-02d65bd4f764

Timeline

Publicly Published

2021-01-15 (about 3 months ago)

Added

2021-01-15 (about 3 months ago)

Last Updated

2021-01-16 (about 3 months ago)

Our Other Services

WPScan WordPress Security Plugin