What the vulnerability does
01Description
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in FV Flowplayer Video Player (WordPress plugin) versions <= 7.5.18.727 via &fv_wp_flowplayer_field_splash parameter.
CVE-2022-25613
MEDIUM
CVE-2022-25613: WordPress FV Flowplayer Video Player plugin <= 7.5.18.727 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability
CVSS base score
4.1/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
Key dates
02Disclosure timeline
April 4, 2022
CVE published
April 28, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2024-35170 WordPress Sticky banner plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-43731
CVE-2025-71240 SPIP < 4.2.15 Cross-Site Scripting via Code Tags
CVE-2021-24671 MX Time Zone Clocks < 3.4.1 - Contributor+ Cross-Site Scripting
CVE-2025-13704 Autogen Headers Menu <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'head_class' Shortcode Parameter
