FV Flowplayer Video Player

Information

Software Type Plugin
Software Slug fv-wordpress-flowplayer (view on wordpress.org)
Software Status Active
Software Author foliovision
Software Website foliovision.com
Software Downloads 2,316,669
Software Active Installs 20,000
Software Record Last Updated October 3, 2024

Showing 1-20 of 23 Vulnerabilities

5.3
CVE ID Unknown
May 16, 2019
Researchers:
Title Status CVE ID CVSS Researchers Date
FV Player <= 7.5.46.7212 - Authenticated (Subscriber+) SQL Injection via exclude Parameter Patched CVE-2024-6338 8.8 Arkadiusz Hydzik July 18, 2024
FV Flowplayer Video Player <= 7.5.45.7212 - Reflected Cross-Site Scripting Patched CVE-2024-35631 6.1 Dimas Maulana May 27, 2024
FV Flowplayer Video Player <= 7.5.43.7212 - Authenticated (Subscriber+) Server-side Request Forgery Patched CVE-2024-32955 6.4 Steven Julian April 22, 2024
FV Flowplayer Video Player <= 7.5.44.7212 - Authenticated (Contributor+) Arbitrary Redirect Patched CVE-2024-32078 5.4 Byeongjun Jo April 11, 2024
FV Flowplayer Video Player <= 7.5.41.7212 - Reflected Cross-Site Scripting Patched CVE-2024-22299 6.1 Rafie Muhammad March 26, 2024
FV Flowplayer Video Player <= 7.5.41.7212 - Authenticated (Contributor+) Stored Cross-Site Scripting Patched CVE-2024-29122 6.4 Byeongjun Jo March 16, 2024
FV Flowplayer Video Player <= 7.5.37.7212 - Insufficient Input Validation to Unauthenticated Stored Cross-Site Scripting and Arbitrary Usermeta Update Patched CVE-2023-4520 5.4 István Márton August 24, 2023
FV Flowplayer Video Player <= 7.5.32.7212 - Reflected Cross-Site Scripting via id Patched CVE-2023-30499 6.1 LEE SE HYOUNG May 3, 2023
FV Flowplayer Video Player <= 7.5.30.7210 - Cross-Site Request Forgery Patched CVE-2023-25066 4.3 Cat February 2, 2023
FV Flowplayer Video Player <= 7.5.18.727 - Stored Cross-Site Scripting Patched CVE-2022-25613 6.4 RE-ALTER April 4, 2022
FV Flowplayer Video Player <= 7.5.15.727 - SQL Injection Patched CVE-2022-25607 7.2 Tien Nguyen Ahn March 18, 2022
FV Flowplayer Video Player 7.5.0.727 - 7.5.2.727 - Reflected Cross-Site Scripting via player_id Parameter Patched CVE-2021-39350 6.1 Margaux DABERT, Erwan LR October 5, 2021
FV Flowplayer Video Player <= 7.4.37.727 - Authenticated Stored Cross-Site Scripting Patched CVE-2020-35748 6.4 Arcangelo Saracino January 15, 2021
FV Flowplayer Video Player <= 7.3.18.727 - SQL Injection Patched CVE-2019-13573 9.8 Tin Duong July 11, 2019
FV Flowplayer Video Player <= 7.3.13.727 - Unauthenticated Stored Cross-Site Scripting Patched CVE-2019-14799 6.1 WebARX Security May 20, 2019
FV Flowplayer Video Player <= 7.3.14.727 - SQL Injection Patched CVE-2019-14801 9.8 May 20, 2019
FV Flowplayer Video Player <= 7.3.14.727 - Sensitive Information Exposure Patched CVE-2019-14800 5.3 May 20, 2019
FV Flowplayer Video Player <= 7.3.14.727 - Unauthenticated SQL Injection Patched 9.3 May 16, 2019
FV Flowplayer Video Player <= 7.3.14.727 - Sensitive Data Exposure Patched 5.3 May 16, 2019
FV Flowplayer Video Player <= 7.2.0.727 - Reflected Cross-Site Scripting Patched 6.1 Janek Vind September 21, 2018

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation