Headline
CVE-2022-25613: WordPress FV Flowplayer Video Player plugin <= 7.5.18.727 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability - Patchstack
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in FV Flowplayer Video Player (WordPress plugin) versions <= 7.5.18.727 via &fv_wp_flowplayer_field_splash parameter.
fv-wordpress-flowplayer
Software
FV Flowplayer Video Player
Vulnerable Versions
<= 7.5.18.727
Fixed in version
7.5.19.727
CVE
CVE-2022-25613
References
Credits
Classification
Cross Site Scripting (XSS)
OWASP Top 10
A7: Cross-Site Scripting (XSS)
Disclosure Date
2022-04-04
CVSS 3.0 score
Requires contributor or higher role user authentication.
Are your websites subject to this vulnerability?
Details
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered by Ex.Mi (Patchstack) in WordPress FV Flowplayer Video Player plugin (versions <= 7.5.18.727).
Solution
Update the WordPress FV Flowplayer Video Player plugin to the latest available version (at least 7.5.19.727).
Found a vulnerability that puts your sites at risk?
Found a vulnerability? Help us secure the web and join our community of ethical hackers.
Are you the developer of this software? Hire our researchers for a thorough security audit.