FV Flowplayer Video Player

Software Type	Plugin
Software Slug	fv-wordpress-flowplayer (view on wordpress.org)
Software Status	Active
Software Author	foliovision
Software Website	foliovision.com
Software Downloads	2,298,874
Software Active Installs	20,000
Software Record Last Updated	July 26, 2024

Showing 1-20 of 23 Vulnerabilities

FV Player <= 7.5.46.7212 - Authenticated (Subscriber+) SQL Injection via exclude Parameter

8.8

CVE-2024-6338

Jul 18, 2024

Researcher: Arkadiusz Hydzik

FV Flowplayer Video Player <= 7.5.45.7212 - Reflected Cross-Site Scripting

6.1

CVE-2024-35631

May 27, 2024

Researcher: Dimas Maulana

FV Flowplayer Video Player <= 7.5.43.7212 - Authenticated (Subscriber+) Server-side Request Forgery

6.4

CVE-2024-32955

Apr 22, 2024

Researcher: Steven Julian

FV Flowplayer Video Player <= 7.5.44.7212 - Authenticated (Contributor+) Arbitrary Redirect

5.4

CVE-2024-32078

Apr 11, 2024

Researcher: Byeongjun Jo

FV Flowplayer Video Player <= 7.5.41.7212 - Reflected Cross-Site Scripting

6.1

CVE-2024-22299

Mar 26, 2024

Researcher: Rafie Muhammad

FV Flowplayer Video Player <= 7.5.41.7212 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-29122

Mar 16, 2024

Researcher: Byeongjun Jo

FV Flowplayer Video Player <= 7.5.37.7212 - Insufficient Input Validation to Unauthenticated Stored Cross-Site Scripting and Arbitrary Usermeta Update

5.4

CVE-2023-4520

Aug 24, 2023

Researcher: István Márton

FV Flowplayer Video Player <= 7.5.32.7212 - Reflected Cross-Site Scripting via id

6.1

CVE-2023-30499

May 3, 2023

Researcher: LEE SE HYOUNG

FV Flowplayer Video Player <= 7.5.30.7210 - Cross-Site Request Forgery

4.3

CVE-2023-25066

Feb 2, 2023

Researcher: Cat

FV Flowplayer Video Player <= 7.5.18.727 - Stored Cross-Site Scripting

6.4

CVE-2022-25613

Apr 4, 2022

Researcher: RE-ALTER

FV Flowplayer Video Player <= 7.5.15.727 - SQL Injection

7.2

CVE-2022-25607

Mar 18, 2022

Researcher: Tien Nguyen Ahn

FV Flowplayer Video Player 7.5.0.727 - 7.5.2.727 - Reflected Cross-Site Scripting via player_id Parameter

6.1

CVE-2021-39350

Oct 5, 2021

Researchers: Margaux DABERT, Erwan LR

FV Flowplayer Video Player <= 7.4.37.727 - Authenticated Stored Cross-Site Scripting

6.4

CVE-2020-35748

Jan 15, 2021

Researcher: Arcangelo Saracino

FV Flowplayer Video Player <= 7.3.18.727 - SQL Injection

9.8

CVE-2019-13573

Jul 11, 2019

Researcher: Tin Duong

FV Flowplayer Video Player <= 7.3.13.727 - Unauthenticated Stored Cross-Site Scripting

6.1

CVE-2019-14799

May 20, 2019

Researcher: WebARX Security

FV Flowplayer Video Player <= 7.3.14.727 - SQL Injection

9.8

CVE-2019-14801

May 20, 2019

Researchers:

FV Flowplayer Video Player <= 7.3.14.727 - Sensitive Information Exposure

5.3

CVE-2019-14800

May 20, 2019

Researchers:

FV Flowplayer Video Player <= 7.3.14.727 - Unauthenticated SQL Injection

9.3

CVE ID Unknown

May 16, 2019

Researchers:

FV Flowplayer Video Player <= 7.3.14.727 - Sensitive Data Exposure

5.3

CVE ID Unknown

May 16, 2019

Researchers:

FV Flowplayer Video Player <= 7.2.0.727 - Reflected Cross-Site Scripting

6.1

CVE ID Unknown

Sep 21, 2018

Researcher: Janek Vind

Title	Status	CVE ID	CVSS	Researchers	Date
FV Player <= 7.5.46.7212 - Authenticated (Subscriber+) SQL Injection via exclude Parameter	Patched	CVE-2024-6338	8.8	Arkadiusz Hydzik	July 18, 2024
FV Flowplayer Video Player <= 7.5.45.7212 - Reflected Cross-Site Scripting	Patched	CVE-2024-35631	6.1	Dimas Maulana	May 27, 2024
FV Flowplayer Video Player <= 7.5.43.7212 - Authenticated (Subscriber+) Server-side Request Forgery	Patched	CVE-2024-32955	6.4	Steven Julian	April 22, 2024
FV Flowplayer Video Player <= 7.5.44.7212 - Authenticated (Contributor+) Arbitrary Redirect	Patched	CVE-2024-32078	5.4	Byeongjun Jo	April 11, 2024
FV Flowplayer Video Player <= 7.5.41.7212 - Reflected Cross-Site Scripting	Patched	CVE-2024-22299	6.1	Rafie Muhammad	March 26, 2024
FV Flowplayer Video Player <= 7.5.41.7212 - Authenticated (Contributor+) Stored Cross-Site Scripting	Patched	CVE-2024-29122	6.4	Byeongjun Jo	March 16, 2024
FV Flowplayer Video Player <= 7.5.37.7212 - Insufficient Input Validation to Unauthenticated Stored Cross-Site Scripting and Arbitrary Usermeta Update	Patched	CVE-2023-4520	5.4	István Márton	August 24, 2023
FV Flowplayer Video Player <= 7.5.32.7212 - Reflected Cross-Site Scripting via id	Patched	CVE-2023-30499	6.1	LEE SE HYOUNG	May 3, 2023
FV Flowplayer Video Player <= 7.5.30.7210 - Cross-Site Request Forgery	Patched	CVE-2023-25066	4.3	Cat	February 2, 2023
FV Flowplayer Video Player <= 7.5.18.727 - Stored Cross-Site Scripting	Patched	CVE-2022-25613	6.4	RE-ALTER	April 4, 2022
FV Flowplayer Video Player <= 7.5.15.727 - SQL Injection	Patched	CVE-2022-25607	7.2	Tien Nguyen Ahn	March 18, 2022
FV Flowplayer Video Player 7.5.0.727 - 7.5.2.727 - Reflected Cross-Site Scripting via player_id Parameter	Patched	CVE-2021-39350	6.1	Margaux DABERT, Erwan LR	October 5, 2021
FV Flowplayer Video Player <= 7.4.37.727 - Authenticated Stored Cross-Site Scripting	Patched	CVE-2020-35748	6.4	Arcangelo Saracino	January 15, 2021
FV Flowplayer Video Player <= 7.3.18.727 - SQL Injection	Patched	CVE-2019-13573	9.8	Tin Duong	July 11, 2019
FV Flowplayer Video Player <= 7.3.13.727 - Unauthenticated Stored Cross-Site Scripting	Patched	CVE-2019-14799	6.1	WebARX Security	May 20, 2019
FV Flowplayer Video Player <= 7.3.14.727 - SQL Injection	Patched	CVE-2019-14801	9.8		May 20, 2019
FV Flowplayer Video Player <= 7.3.14.727 - Sensitive Information Exposure	Patched	CVE-2019-14800	5.3		May 20, 2019
FV Flowplayer Video Player <= 7.3.14.727 - Unauthenticated SQL Injection	Patched		9.3		May 16, 2019
FV Flowplayer Video Player <= 7.3.14.727 - Sensitive Data Exposure	Patched		5.3		May 16, 2019
FV Flowplayer Video Player <= 7.2.0.727 - Reflected Cross-Site Scripting	Patched		6.1	Janek Vind	September 21, 2018

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation