CVE-2019-14800

5.3MEDIUM

Key Information:

Vendor: Wordpress
Status: Fv FloWPlayer Video Player
Vendor: CVE Published:; 15 August 2019

Summary

The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows guests to obtain the email subscription list in CSV format via the wp-admin/admin-post.php?page=fvplayer&fv-email-export=1 URI.

References

https://wordpress.org/plugins/fv-wordpress-flowplayer/#de...

x_refsource_MISC

https://www.pluginvulnerabilities.com/2019/05/15/informat...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 15, 2019
Vulnerability Reserved
Aug 9, 2019