WordPress FV Flowplayer Video Player Plugin <= 7.5.32.7212 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-30499

7.1 HIGH

Key Information:

Vendor: WordPress

CVE Published: 18 August 2023

What is CVE-2023-30499?

The FV Flowplayer Video Player plugin for WordPress is susceptible to an unauthenticated reflected Cross-Site Scripting (XSS) vulnerability, which allows attackers to inject arbitrary scripts into web pages viewed by users. The injected scripts execute in the victim's browser, potentially leading to data theft or session hijacking. Sites running plugin version 7.5.32.7212 or earlier are affected and should implement security measures and updates to mitigate exposure.

Affected Version(s)

FV Flowplayer Video Player <= 7.5.32.7212

References

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

LEE SE HYOUNG (Patchstack Alliance)