WordPress FV Flowplayer Video Player plugin <= 7.5.18.727 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability
CVE-2022-25613

4.1MEDIUM

Key Information:

Vendor

WordPress
Status
Fv FloWPlayer Video Player (WordPress Plugin)
Vendor
CVE Published:
4 April 2022

What is CVE-2022-25613?

Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in FV Flowplayer Video Player (WordPress plugin) versions <= 7.5.18.727 via &fv_wp_flowplayer_field_splash parameter.

Affected Version(s)

FV Flowplayer Video Player (WordPress plugin) <= 7.5.18.727 <= 7.5.18.727

References

https://wordpress.org/plugins/fv-wordpress-flowplayer/#de...
x_refsource_CONFIRM
https://patchstack.com/database/vulnerability/fv-wordpres...
x_refsource_CONFIRM

CVSS V3.1

Score:
4.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Vulnerability discovered by Ex.Mi (Patchstack).
.