CVE-2022-25607

Опубликовано: 18 мар. 2022

Источник: nvd

CVSS3: 6.6

CVSS3: 7.2

CVSS2: 6.5

EPSS Низкий

Описание

Authenticated (author or higher user role) SQL Injection (SQLi) vulnerability discovered in FV Flowplayer Video Player WordPress plugin (versions <= 7.5.15.727).

Ссылки

https://patchstack.com/database/vulnerability/fv-wordpress-flowplayer/wordpress-fv-flowplayer-video-player-plugin-7-5-15-727-sql-injection-sqli-vulnerability
Third Party Advisory
https://wordpress.org/plugins/fv-wordpress-flowplayer/#developers
Product
Release Notes
https://patchstack.com/database/vulnerability/fv-wordpress-flowplayer/wordpress-fv-flowplayer-video-player-plugin-7-5-15-727-sql-injection-sqli-vulnerability
Third Party Advisory
https://wordpress.org/plugins/fv-wordpress-flowplayer/#developers
Product
Release Notes

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:foliovision:fv_flowplayer_video_player:*:*:*:*:*:wordpress:*:*

Версия до 7.5.15.727 (включая)

EPSS

Процентиль: 62%

0.00432

Низкий

6.6 Medium

CVSS3

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-vg8x-cp5j-g9cw

CVSS3: 7.2

github

почти 4 года назад

Authenticated (author or higher user role) SQL Injection (SQLi) vulnerability discovered in FV Flowplayer Video Player WordPress plugin (versions <= 7.5.15.727).

EPSS

Процентиль: 62%

0.00432

Низкий

6.6 Medium

CVSS3

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89