15 May 2019

Information Disclosure Vulnerability in FV Player (FV Flowplayer Video Player)

Earlier today we noted a security company putting out inaccurate information on vulnerabilities in a WordPress plugin. That isn’t uncommon: while looking into who might have discovered a recent vulnerability, we found NinTechNet suggesting updating the plugin FV Player (FV Flowplayer Video Player) to version 7.3.13.727:

WordPress “FV Flowplayer Video Player” plugin (40,000+ active installations) fixed XSS vulnerability. Update to v7.3.13.727.

15 May 2019

Vulnerability Details: Persistent Cross-Site Scripting (XSS) Vulnerability in FV Player (FV Flowplayer Video Player)

One of the changelog entries for the latest version of FV Player (FV Flowplayer Video Player) is “Security – fix for XSS vulnerability in email subscription”. When we started to look into that, we found not only that a persistent cross-site scripting (XSS) vulnerability had been fixed in the email subscription functionality, but also that there is another vulnerability in that same functionality, which we will disclose in a follow-up post.

