FV Flowplayer Video Player < 7.3.19.727 – SQL Injection | CVE 2019-13573

Affects Plugins

fv-wordpress-flowplayer

Fixed in 7.3.19.727

References

CVE

CVE-2019-13573

URL

https://www.fortinet.com/blog/threat-research/wordpress-plugin-sql-injection-vulnerability.html

URL

https://plugins.trac.wordpress.org/changeset/2121566

URL

https://github.com/foliovision/fv-wordpress-flowplayer/commit/02bea654fba7ae870c06e768350367903df9855f

URL

https://fortiguard.com/zeroday/FG-VD-19-097

Classification

Type

SQLI

OWASP top 10

A1: Injection

CWE

CWE-89

CVSS

9.8 (critical)

Miscellaneous

Original Researcher

Tin Duong

Verified

No

WPVDB ID

bb920dda-27eb-4a0f-98c5-c479343eb141

Timeline

Publicly Published

2019-07-11 (about 6 years ago)

Added

2019-07-12 (about 6 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2025-09-09

Title

PagBank / PagSeguro Connect para WooCommerce < 4.44.4 - Authenticated (Shop Manager+) SQL Injection

Published

2014-08-01

Title

Donation <= 1.0 - SQL Injection

Published

2024-10-15

Title

Zoho CRM Lead Magnet < 1.7.9.8 - Contributor+ SQL Injection

Published

2025-04-09

Title

Verowa Connect < 3.1.0 - Admin+ SQL Injection

Published

2022-04-25

Title

3xSocializer <= 0.98.22 - Subscriber+ SQLi