cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-6338,https://securityvulnerability.io/vulnerability/CVE-2024-6338,Time-Based SQL Injection Vulnerability in FV Flowplayer Video Player,"The FV Flowplayer Video Player plugin for WordPress is susceptible to a time-based SQL Injection vulnerability. This issue exists due to improper handling of the ‘exclude’ parameter, where the lack of sufficient escaping on user-supplied data allows attackers with Subscriber-level access or higher to inject additional SQL queries. This exploitation could lead to unauthorized access and extraction of sensitive data from the database, posing a significant risk to affected WordPress installations. It is imperative for site administrators to update to the latest plugin version to mitigate this risk.",Wordpress,Fv FloWPlayer Video Player,8.8,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2024-07-19T07:36:48.921Z,0
CVE-2023-4520,https://securityvulnerability.io/vulnerability/CVE-2023-4520,Stored Cross-Site Scripting and Arbitrary Usermeta Update in FV Flowplayer Video Player Plugin,"The FV Flowplayer Video Player plugin for WordPress is susceptible to Stored Cross-Site Scripting via the '_fv_player_user_video' parameter, which can be manipulated by unauthenticated attackers. This vulnerability stems from inadequate input sanitization and output escaping within the 'save' function hooked to 'init'. Attackers can inject malicious web scripts that execute when users access affected pages, posing a significant risk to user data integrity. Additionally, the plugin is vulnerable to Arbitrary Usermeta Update, allowing attackers to alter user meta information, though the meta value is restricted to strings. This can compromise user accounts and disrupt user experience.",Wordpress,FV Flowplayer Video Player,6.1,MEDIUM,0.0007600000244565308,false,,false,false,false,,false,false,2023-08-25T03:15:00.000Z,0
CVE-2022-25613,https://securityvulnerability.io/vulnerability/CVE-2022-25613,WordPress FV Flowplayer Video Player plugin <= 7.5.18.727 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability,Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in FV Flowplayer Video Player (WordPress plugin) versions <= 7.5.18.727 via &fv_wp_flowplayer_field_splash parameter.,Wordpress,Fv FloWPlayer Video Player (WordPress Plugin),4.1,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2022-04-04T00:00:00.000Z,0
CVE-2022-25607,https://securityvulnerability.io/vulnerability/CVE-2022-25607,WordPress FV Flowplayer Video Player plugin <= 7.5.15.727 - SQL Injection (SQLi) vulnerability,Authenticated (author or higher user role) SQL Injection (SQLi) vulnerability discovered in FV Flowplayer Video Player WordPress plugin (versions <= 7.5.15.727).,Wordpress,Fv FloWPlayer Video Player (WordPress Plugin),6.6,MEDIUM,0.0009500000160187483,false,,false,false,false,,false,false,2022-03-18T00:00:00.000Z,0
CVE-2021-39350,https://securityvulnerability.io/vulnerability/CVE-2021-39350,FV Flowplayer Video Player <= 7.5.0.727 - 7.5.2.727 Reflected Cross-Site Scripting,"The FV Flowplayer Video Player WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the player_id parameter found in the ~/view/stats.php file which allows attackers to inject arbitrary web scripts, in versions 7.5.0.727 - 7.5.2.727.",Wordpress,Fv FloWPlayer Video Player,6.1,MEDIUM,0.0027699999045580626,false,,false,false,false,,false,false,2021-10-06T16:15:00.000Z,0
CVE-2020-35748,https://securityvulnerability.io/vulnerability/CVE-2020-35748,,Cross-site scripting (XSS) vulnerability in models/list-table.php in the FV Flowplayer Video Player plugin before 7.4.37.727 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the fv_wp_fvvideoplayer_src JSON field in the data parameter.,Wordpress,Fv FloWPlayer Video Player,5.4,MEDIUM,0.0009299999801442027,false,,false,false,false,,false,false,2021-01-15T16:50:42.000Z,0
CVE-2019-14800,https://securityvulnerability.io/vulnerability/CVE-2019-14800,,The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows guests to obtain the email subscription list in CSV format via the wp-admin/admin-post.php?page=fvplayer&fv-email-export=1 URI.,Wordpress,Fv FloWPlayer Video Player,5.3,MEDIUM,0.0014100000262260437,false,,false,false,false,,false,false,2019-08-15T14:53:42.000Z,0
CVE-2019-14801,https://securityvulnerability.io/vulnerability/CVE-2019-14801,,The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows email subscription SQL injection.,Wordpress,Fv FloWPlayer Video Player,9.8,CRITICAL,0.0016400000313296914,false,,false,false,false,,false,false,2019-08-09T13:22:24.000Z,0
CVE-2019-14799,https://securityvulnerability.io/vulnerability/CVE-2019-14799,,The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS.,Wordpress,Fv FloWPlayer Video Player,6.1,MEDIUM,0.001560000004246831,false,,false,false,false,,false,false,2019-08-09T12:18:29.000Z,0
CVE-2019-13573,https://securityvulnerability.io/vulnerability/CVE-2019-13573,,A SQL injection vulnerability exists in the FolioVision FV Flowplayer Video Player plugin before 7.3.19.727 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.,Wordpress,Fv FloWPlayer Video Player,9.8,CRITICAL,0.002589999930933118,false,,false,false,false,,false,false,2019-07-17T15:55:37.000Z,0