FV Flowplayer Video Player <= 7.3.14.727 - SQL Injection



Description
Changelog states:

"Security - fix for SQL injection vulnerability in email subscription"

Affects Plugin

fixed in version 7.3.15.727

References

CVE 2019-14801
CVE 2019-14800
URL https://plugins.trac.wordpress.org/changeset/2088973/fv-wordpress-flowplayer

Classification

Type SQLI
OWASP Top 10 A1: Injection
CWE CWE-89

Miscellaneous

Submitter Ryan Dewhurst
Submitter Website https://wpscan.io
Submitter Twitter ethicalhack3r
Views 2916
Verified No
WPVDB ID 9279

Timeline

Publicly Published 2019-05-20 (4 months ago)
Added 2019-05-20 (4 months ago)
Last Updated 2019-08-21 (about 1 month ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin