Foliovision Fv Flowplayer Video Player — known CVE vulnerabilities
Every CVE whose affected-product data names Foliovision Fv Flowplayer Video Player, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2019-13573 — CVSS 9.8 (critical): A SQL injection vulnerability exists in the FolioVision FV Flowplayer Video Player plugin before 7.3.19.727 for WordPress. Successful…
CVE-2019-14801 — CVSS 9.8 (critical): The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows email subscription SQL injection.
CVE-2024-6338 — CVSS 8.8 (high): The FV Flowplayer Video Player plugin for WordPress is vulnerable to time-based SQL Injection via the ‘exclude’ parameter in all…
CVE-2023-30499 — CVSS 7.1 (high): Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FolioVision FV Flowplayer Video Player plugin <= 7.5.32.7212 versions.
CVE-2022-25607 — CVSS 6.6 (medium): Authenticated (author or higher user role) SQL Injection (SQLi) vulnerability discovered in FV Flowplayer Video Player WordPress plugin…
CVE-2021-39350 — CVSS 6.1 (medium): The FV Flowplayer Video Player WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the player_id parameter found in the…
CVE-2019-14799 — CVSS 6.1 (medium): The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS.
CVE-2018-0642 — CVSS 6.1 (medium): Cross-site scripting vulnerability in FV Flowplayer Video Player 6.1.2 to 6.6.4 allows remote attackers to inject arbitrary web script or…
CVE-2020-35748 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in models/list-table.php in the FV Flowplayer Video Player plugin before 7.4.37.727 for WordPress…
CVE-2023-4520 — CVSS 5.4 (medium): The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_fv_player_user_video’…
CVE-2019-14800 — CVSS 5.3 (medium): The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows guests to obtain the email subscription list in CSV format via…
CVE-2023-25066 — CVSS 4.3 (medium): Cross-Site Request Forgery (CSRF) vulnerability in FolioVision FV Flowplayer Video Player plugin <= 7.5.30.7212 versions.
CVE-2022-25613 — CVSS 4.1 (medium): Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in FV Flowplayer Video Player (WordPress plugin) versions <= 7.5.18.727…