WordPress Plugin Vulnerabilities

FV Flowplayer Video Player < 7.4.38.727 - Authenticated Stored Cross-Site Scripting (XSS)

Description

The plugin did not sanitise the fv_wp_fvvideoplayer_src parameter when creating or editing the video player, which will then be triggered when viewing the table of players in the admin dashboard

Affects Plugins

fv-wordpress-flowplayer

Fixed in version 7.4.38.727

References

CVE

CVE-2020-35748

URL

https://arkango.github.io/CVE-2020/CVE-2020-35748%20xss%20FV%20Flowplayer%20Video%20Player%20Wordpress%20plugin.html

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Original Researcher

Arcangelo Saracino

Verified

WPVDB ID

86b26cde-2b98-4596-b0bc-02d65bd4f764

Timeline

Publicly Published

2021-01-15 (about 1 years ago)

Added

2021-01-15 (about 1 years ago)

Last Updated

2021-01-16 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin