WordPress Plugin Vulnerabilities

FV Flowplayer Video Player < 7.3.15.727 - SQL Injection

Description

Changelog states:

"Security - fix for SQL injection vulnerability in email subscription"

Affects Plugins

Plugin icon
fv-wordpress-flowplayer
Fixed in 7.3.15.727

References

CVE
CVE-2019-14801
CVE
CVE-2019-14800
URL
https://plugins.trac.wordpress.org/changeset/2088973/fv-wordpress-flowplayer

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
9.8 (critical)

Miscellaneous

Submitter
Ryan Dewhurst
Submitter website
https://wpscan.io
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
ffe296dc-a3c9-4a99-ae25-8b41f95e9443

Timeline

Publicly Published
2019-05-20 (about 6 years ago)
Added
2019-05-20 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2026-02-18
Title
wpForo Forum < 2.4.15 - Unauthenticated Time-Based SQL Injection
Published
2023-07-20
Title
Subscribe to Category <= 2.7.4 - Unauthenticated SQLi
Published
2022-05-30
Title
Better Find and Replace < 1.3.6 - Admin+ SQLi
Published
2025-03-21
Title
ProfileGrid – User Profiles, Groups and Communities < 5.9.4.8 - Authenticated (Subscriber+) SQL Injection
Published
2025-03-27
Title
Cart tracking for WooCommerce < 1.0.17 - Authenticated (Administrator+) SQL Injection