CVE-2022-25613

WordPress FV Flowplayer Video Player plugin <= 7.5.18.727 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability

CVSS 4.1 MEDIUMEPSS 0.5%CWE-79

Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in FV Flowplayer Video Player (WordPress plugin) versions <= 7.5.18.727 via &fv_wp_flowplayer_field_splash parameter.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N

Affected products

FolioVision · FV Flowplayer Video Player (WordPress plugin)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://patchstack.com/database/vulnerability/fv-wordpress-flowplayer/wordpress-fv-flowplayer-video-player-plugin-7-5-18-727-authenticated-persistent-cross-site-scripting-xss-vulnerability https://wordpress.org/plugins/fv-wordpress-flowplayer/#developers