CVE-2019-14800
FV Flowplayer Video Player <= 7.3.14.727 - Sensitive Information Exposure
Severity Score
5.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows guests to obtain the email subscription list in CSV format via the wp-admin/admin-post.php?page=fvplayer&fv-email-export=1 URI.
El plugin FV Flowplayer Video Player versiones anteriores a 7.3.15.727 para WordPress, permite a invitados obtener la lista de suscripción de correo electrónico en formato CSV por medio del URI wp-admin/admin-post.php?Page=fvplayer&fv-email-export=1.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-05-20 CVE Published
- 2019-08-09 CVE Reserved
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://wordpress.org/plugins/fv-wordpress-flowplayer/#developers | Release Notes |
| URL | Date | SRC |
|---|---|---|
| https://www.pluginvulnerabilities.com/2019/05/15/information-disclosure-vulnerability-in-fv-player-fv-flowplayer-video-player | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Foliovision Search vendor "Foliovision" | Fv Flowplayer Video Player Search vendor "Foliovision" for product "Fv Flowplayer Video Player" | < 7.3.15.727 Search vendor "Foliovision" for product "Fv Flowplayer Video Player" and version " < 7.3.15.727" | wordpress |
Affected
| ||||||