CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

Authenticated (author or higher user role) SQL Injection (SQLi) vulnerability discovered in FV Flowplayer Video Player WordPress plugin (versions <= 7.5.15.727).
• https://patchstack.com/database/vulnerability/fv-wordpress-flowplayer/wordpress-fv-flowplayer-video-player-plugin-7-5-15-727-sql-injection-sqli-vulnerability
• https://wordpress.org/plugins/fv-wordpress-flowplayer/#developers
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

The FV Flowplayer Video Player WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the player_id parameter found in the ~/view/stats.php file which allows attackers to inject arbitrary web scripts, in versions 7.5.0.727 - 7.5.2.727.
• https://plugins.trac.wordpress.org/changeset/2580834/fv-wordpress-flowplayer/trunk/view/stats.php
• https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39350
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

Cross-site scripting (XSS) vulnerability in models/list-table.php in the FV Flowplayer Video Player plugin before 7.4.37.727 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the fv_wp_fvvideoplayer_src JSON field in the data parameter.
• https://docs.google.com/document/d/1xUTEmWqfy3u3KBSTjxCAGe3gIF15awFmzgCXrKfVl2U/edit?usp=sharing
• https://github.com/arkango
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

A SQL injection vulnerability exists in the FolioVision FV Flowplayer Video Player plugin before 7.3.19.727 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.
• https://fortiguard.com/zeroday/FG-VD-19-097
• https://plugins.trac.wordpress.org/changeset/2121566/fv-wordpress-flowplayer/trunk/models/db.php
• https://wordpress.org/plugins/fv-wordpress-flowplayer/#developers
• https://wpvulndb.com/vulnerabilities/9451
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows email subscription SQL injection.
• https://wordpress.org/plugins/fv-wordpress-flowplayer/#developers
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')