cleantalk
Vulnerabilities and Security Researches

FV Flowplayer Video Player, CVE-2020-35748

CVE, Research URL

CVE-2020-35748

Home page URL

Security reports for FV Flowplayer Video Player

Application

FV Flowplayer Video Player

Published on
Jan 15, 2021
Research Description
Cross-site scripting (XSS) vulnerability in models/list-table.php in the FV Flowplayer Video Player plugin before 7.4.37.727 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the fv_wp_fvvideoplayer_src JSON field in the data parameter.
Affected versions
max 7.4.37.727.
Status
vulnerable
Previous vulnerability researches
FV Flowplayer Video Player (CVE-2026-7556) , Jun 10, 2026
FV Flowplayer Video Player (CVE-2018-0642) , Jun 07, 2024
FV Flowplayer Video Player (CVE-2026-49773) , Jun 10, 2026
FV Flowplayer Video Player (CVE-2019-14800) , Jun 07, 2024
FV Flowplayer Video Player (CVE-2020-35748) , Jun 07, 2024
New vulnerability
JS Help Desk – Best Help Desk & Support Plugin (CVE-2026-48886) , Jun 10, 2026
JS Help Desk – Best Help Desk & Support Plugin (CVE-2026-48887) , Jun 10, 2026
WP Job Portal – A Complete Job Board (CVE-2026-48880) , Jun 10, 2026
MW WP Form (CVE-2026-48871) , Jun 10, 2026
WP Time Slots Booking Form (CVE-2026-48882) , Jun 10, 2026