Which FV Flowplayer Video Player CVEs are tracked?

FV Flowplayer Video Player tracked CVEs include CVE-2019-13573, CVE-2019-14801, CVE-2024-6338, CVE-2022-25607, and CVE-2024-32955.

How many FV Flowplayer Video Player vulnerabilities have patch guidance?

23 of 23 tracked FV Flowplayer Video Player records include a published patch path.

Where should operators start on this Plugin hub?

Start with the priority CVE quick links, then open the full report for affected versions, remediation notes, CVSS vectors, and source references.

Plugin Vulnerability Hub

Plugin 23 known issues Latest disclosed Jul 18, 2024

FV Flowplayer Video Player Vulnerabilities

Review known vulnerability records for the WordPress plugin FV Flowplayer Video Player (`fv-wordpress-flowplayer`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2024-6338, CVE-2024-35631 and CVE-2024-32955, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed

Known Records

High or Critical

Patch Coverage

100%

Last Updated

Jul 19, 2024

Priority CVE Quick Links

Fast paths into FV Flowplayer Video Player CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs

CVE-2019-13573 Critical 7.3.19.727

CVE-2019-13573 FV Flowplayer Video Player SQL Injection

FV Flowplayer Video Player <= 7.3.18.727 - SQL Injection

CVE-2019-14801 Critical 7.3.15.727

CVE-2019-14801 FV Flowplayer Video Player SQL Injection

FV Flowplayer Video Player <= 7.3.14.727 - SQL Injection

CVE-2024-6338 High 7.5.47.7212

CVE-2024-6338 FV Flowplayer Video Player SQL Injection

FV Player <= 7.5.46.7212 - Authenticated (Subscriber+) SQL Injection via exclude Parameter

CVE-2022-25607 High 7.5.18.727

CVE-2022-25607 FV Flowplayer Video Player SQL Injection

FV Flowplayer Video Player <= 7.5.15.727 - SQL Injection

CVE-2024-32955 Medium 7.5.45.7212

CVE-2024-32955 FV Flowplayer Video Player Server-Side Request Forgery

FV Flowplayer Video Player <= 7.5.43.7212 - Authenticated (Subscriber+) Server-side Request Forgery

CVE-2024-29122 Medium 7.5.44.7212

CVE-2024-29122 FV Flowplayer Video Player Stored Cross-Site Scripting

FV Flowplayer Video Player <= 7.5.41.7212 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2022-25613 Medium 7.5.19.728

CVE-2022-25613 FV Flowplayer Video Player Stored Cross-Site Scripting

FV Flowplayer Video Player <= 7.5.18.727 - Stored Cross-Site Scripting

CVE-2020-35748 Medium 7.4.38.727

CVE-2020-35748 FV Flowplayer Video Player Stored Cross-Site Scripting

FV Flowplayer Video Player <= 7.4.37.727 - Authenticated Stored Cross-Site Scripting

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for FV Flowplayer Video Player so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility

23 records include a published patch path, leaving 0 with no listed safe release yet.

Severity Mix

3 critical and 2 high severity findings.

Recent CVEs

CVE-2024-6338, CVE-2024-35631 and CVE-2024-32955

Reference Workflow

Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

CVE-2024-6338 High Patch path listed

CVE-2024-6338: FV Player <= 7.5.46.7212 - Authenticated (Subscriber+) SQL Injection via exclude Parameter

The FV Flowplayer Video Player plugin for WordPress is vulnerable to time-based SQL Injection via the ‘exclude’ parameter in all versions up to, and including, 7.5.46.7212 due to insufficien...

Published

Jul 18, 2024

Patch Status

7.5.47.7212

Open CVE-2024-6338 Report

CVE-2024-35631 Medium Patch path listed

CVE-2024-35631: FV Flowplayer Video Player <= 7.5.45.7212 - Reflected Cross-Site Scripting

The FV Flowplayer Video Player plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 7.5.45.7212 due to insufficient input sanitization a...

Published

May 27, 2024

Patch Status

7.5.46.7212

Open CVE-2024-35631 Report

CVE-2024-32955 Medium Patch path listed

CVE-2024-32955: FV Flowplayer Video Player <= 7.5.43.7212 - Authenticated (Subscriber+) Server-side Request Forgery

The FV Flowplayer Video Player plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.5.43.7212. This makes it possible for authenticated a...

Published

Apr 22, 2024

Patch Status

7.5.45.7212

Open CVE-2024-32955 Report

Known Vulnerabilities

Reports for FV Flowplayer Video Player

Sorted by latest disclosure date so newly published issues surface first.

Plugin High Patched: Yes CVE-2024-6338

CVE-2024-6338: FV Player <= 7.5.46.7212 - Authenticated (Subscriber+) SQL Injection via exclude Parameter

The FV Flowplayer Video Player plugin for WordPress is vulnerable to time-based SQL Injection via the ‘exclude’ parameter in all versions up to, and including, 7.5.46.7212 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existi...

Published

Jul 18, 2024

Patched Release

7.5.47.7212

Affected Versions

Versions up to 7.5.46.7212

Next Step

Update to 7.5.47.7212 or newer if supported.

Open CVE-2024-6338 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-35631

CVE-2024-35631: FV Flowplayer Video Player <= 7.5.45.7212 - Reflected Cross-Site Scripting

The FV Flowplayer Video Player plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 7.5.45.7212 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...

Published

May 27, 2024

Patched Release

7.5.46.7212

Affected Versions

Versions up to 7.5.45.7212

Next Step

Update to 7.5.46.7212 or newer if supported.

Open CVE-2024-35631 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-32955

CVE-2024-32955: FV Flowplayer Video Player <= 7.5.43.7212 - Authenticated (Subscriber+) Server-side Request Forgery

The FV Flowplayer Video Player plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.5.43.7212. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locati...

Published

Apr 22, 2024

Patched Release

7.5.45.7212

Affected Versions

Versions up to 7.5.43.7212

Next Step

Update to 7.5.45.7212 or newer if supported.

Open CVE-2024-32955 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-32078

CVE-2024-32078: FV Flowplayer Video Player <= 7.5.44.7212 - Authenticated (Contributor+) Arbitrary Redirect

The FV Flowplayer Video Player plugin for WordPress is vulnerable to unauthorized redirects in all versions up to, and including, 7.5.44.7212. This is due to the plugin not restricting contributor and above users from being able to add redirects at the end of videos. This makes i...

Published

Apr 11, 2024

Patched Release

7.5.45.7212

Affected Versions

Versions up to 7.5.44.7212

Next Step

Update to 7.5.45.7212 or newer if supported.

Open CVE-2024-32078 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-22299

CVE-2024-22299: FV Flowplayer Video Player <= 7.5.41.7212 - Reflected Cross-Site Scripting

The FV Flowplayer Video Player plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 7.5.41.7212 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

Published

Mar 26, 2024

Patched Release

7.5.44.7212

Affected Versions

Versions up to 7.5.41.7212

Next Step

Update to 7.5.44.7212 or newer if supported.

Open CVE-2024-22299 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-29122

CVE-2024-29122: FV Flowplayer Video Player <= 7.5.41.7212 - Authenticated (Contributor+) Stored Cross-Site Scripting

The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 7.5.41.7212 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level ac...

Published

Mar 16, 2024

Patched Release

7.5.44.7212

Affected Versions

Versions up to 7.5.41.7212

Next Step

Update to 7.5.44.7212 or newer if supported.

Open CVE-2024-29122 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2023-4520

CVE-2023-4520: FV Flowplayer Video Player <= 7.5.37.7212 - Insufficient Input Validation to Unauthenticated Stored Cross-Site Scripting and Arbitrary Usermeta Update

The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_fv_player_user_video’ parameter saved via the 'save' function hooked via init, and the plugin is also vulnerable to Arbitrary Usermeta Update via the 'save' function in vers...

Published

Aug 24, 2023

Patched Release

7.5.39.7212

Affected Versions

Versions up to 7.5.37.7212

Next Step

Update to 7.5.39.7212 or newer if supported.

Open CVE-2023-4520 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2023-30499

CVE-2023-30499: FV Flowplayer Video Player <= 7.5.32.7212 - Reflected Cross-Site Scripting via id

The FV Flowplayer Video Player plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in versions up to, and including, 7.5.32.7212 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...

Published

May 03, 2023

Patched Release

7.5.35.7212

Affected Versions

Versions up to 7.5.32.7212

Next Step

Update to 7.5.35.7212 or newer if supported.

Open CVE-2023-30499 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2023-25066

CVE-2023-25066: FV Flowplayer Video Player <= 7.5.30.7210 - Cross-Site Request Forgery

The FV Flowplayer Video Player plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.5.30.7210. This is due to missing or incorrect nonce validation on the settings_toggle() function. This makes it possible for unauthenticated attack...

Published

Feb 02, 2023

Patched Release

7.5.31.7212

Affected Versions

Versions up to 7.5.30.7210

Next Step

Update to 7.5.31.7212 or newer if supported.

Open CVE-2023-25066 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2022-25613

CVE-2022-25613: FV Flowplayer Video Player <= 7.5.18.727 - Stored Cross-Site Scripting

Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in FV Flowplayer Video Player (WordPress plugin) versions

Published

Apr 04, 2022

Patched Release

7.5.19.728

Affected Versions

Versions up to 7.5.18.727

Next Step

Update to 7.5.19.728 or newer if supported.

Open CVE-2022-25613 Report Open CVE Reference

Plugin High Patched: Yes CVE-2022-25607

CVE-2022-25607: FV Flowplayer Video Player <= 7.5.15.727 - SQL Injection

Authenticated (author or higher user role) SQL Injection (SQLi) vulnerability discovered in FV Flowplayer Video Player WordPress plugin (versions

Published

Mar 18, 2022

Patched Release

7.5.18.727

Affected Versions

Versions up to 7.5.15.727

Next Step

Update to 7.5.18.727 or newer if supported.

Open CVE-2022-25607 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2021-39350

CVE-2021-39350: FV Flowplayer Video Player 7.5.0.727 - 7.5.2.727 - Reflected Cross-Site Scripting via player_id Parameter

The FV Flowplayer Video Player WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the player_id parameter found in the ~/view/stats.php file which allows attackers to inject arbitrary web scripts, in versions 7.5.0.727 - 7.5.2.727.

Published

Oct 05, 2021

Patched Release

7.5.3.727

Affected Versions

7.5.0.727 through 7.5.2.727

Next Step

Update to 7.5.3.727 or newer if supported.

Open CVE-2021-39350 Report Open CVE Reference