🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

SpiderVPlayer

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > SpiderVPlayer

Information

Software Type	Plugin
Software Slug	player (view on wordpress.org)
Software Status	Removed
Software Author	10web
Software Website	web-dorado.com
Software Downloads	401,193
Software Active Installs	3,000
Software Record Last Updated	April 16, 2024

7 Vulnerabilities

Video Player <= 1.5.22 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-48320

Nov 23, 2023

Researcher: SeungYongLee

Video Player <= 1.5.22 - Reflected Cross-Site Scripting

6.1

CVE-2023-45632

Oct 11, 2023

Researcher: Elliot

SpiderVPlayer < 1.5.18 - Multiple Blind Authenticated SQL Injections

8.8

CVE ID Unknown

Jul 19, 2016

Researchers: David Vaartjes, Yorick Koster,

SpiderVPlayer< 1.5.5 - Reflected Cross-Site Scripting

6.1

CVE ID Unknown

Feb 2, 2015

Researcher: James Hooker

SpiderVPlayer <= 1.5.1 - Cross-Site Scripting

6.1

CVE-2014-8584

Nov 11, 2014

Researchers:

SpiderVPlayer <= 2.1 - Reflected Cross-Site Scripting

6.1

CVE ID Unknown

Dec 9, 2013

Researcher: Ashiyane Digital Security Team

SpiderVPlayer <= 2.1 - SQL Injection

9.8

CVE-2013-3532

Apr 11, 2013

Researcher: Ashiyane Digital Security Team

Title	Status	CVE ID	CVSS	Researchers	Date
Video Player <= 1.5.22 - Authenticated (Administrator+) Stored Cross-Site Scripting	Unpatched	CVE-2023-48320	4.4	SeungYongLee	November 23, 2023
Video Player <= 1.5.22 - Reflected Cross-Site Scripting	Unpatched	CVE-2023-45632	6.1	Elliot	October 11, 2023
SpiderVPlayer < 1.5.18 - Multiple Blind Authenticated SQL Injections	Patched		8.8	David Vaartjes, Yorick Koster,	July 19, 2016
SpiderVPlayer< 1.5.5 - Reflected Cross-Site Scripting	Patched		6.1	James Hooker	February 2, 2015
SpiderVPlayer <= 1.5.1 - Cross-Site Scripting	Patched	CVE-2014-8584	6.1		November 11, 2014
SpiderVPlayer <= 2.1 - Reflected Cross-Site Scripting	Unpatched		6.1	Ashiyane Digital Security Team	December 9, 2013
SpiderVPlayer <= 2.1 - SQL Injection	Unpatched	CVE-2013-3532	9.8	Ashiyane Digital Security Team	April 11, 2013

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation