CVE-2021-39350 Scanner
CVE-2021-39350 scanner - Cross-Site Scripting (XSS) vulnerability in FV Flowplayer Video Player plugin for WordPress
Short Info
Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month 3 days
Scan only one: Domain, IPv4, Subdomain
Toolbox: -
FV Flowplayer Video Player is a WordPress plugin that allows users to embed and stream videos on their website. This plugin provides a range of customization options and features, including video analytics and responsive design. It is widely used by professionals and amateurs for creating and sharing videos on their WordPress sites.
However, a critical vulnerability, CVE-2021-39350, has been detected in this plugin between versions 7.5.0.727 and 7.5.2.727. The vulnerability is caused by a lack of input validation on the player_id parameter in the ~/view/stats.php file. Because the value is not validated, attackers can insert malicious scripts into web pages, which is a cross-site scripting (XSS) attack.
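The missing validation described above, shown beside a hardened form. This is an added illustration, not the plugin's code: the function names and markup are hypothetical, the inputs are constructed, and it assumes player_id is meant to be a positive integer.

```php
<?php
// Added illustration; NOT code from FV Flowplayer. Names are hypothetical.

// Unsafe pattern: the request value is copied into markup unchanged.
function render_stats_unsafe(string $player_id): string {
    return '<div id="stats-' . $player_id . '">Player ' . $player_id . '</div>';
}

// Hardened pattern: strict allow-list validation, then output encoding.
function render_stats_safe(array $query): string {
    $raw = $query['player_id'] ?? null;
    // Reject missing values, arrays (player_id[]=x) and non-integers.
    // Assumption: a valid player_id is a positive integer.
    $id = is_string($raw)
        ? filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]])
        : false;
    if ($id === false) {
        return '<div class="error">Invalid player.</div>';
    }
    // Encode for the HTML context even though the value is now an integer,
    // so the output stays safe if the validation rule is later relaxed.
    $safe = htmlspecialchars((string) $id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div id="stats-' . $safe . '">Player ' . $safe . '</div>';
}

// Constructed sample requests (parsed query strings).
$samples = [
    ['player_id' => '42'],                 // expected form
    ['player_id' => '42"><b>markup</b>'],  // breaks out of the attribute if unvalidated
    ['player_id' => ['42']],               // array instead of scalar
    [],                                    // parameter missing
];

foreach ($samples as $query) {
    echo 'input:  ', json_encode($query), "\n";
    if (isset($query['player_id']) && is_string($query['player_id'])) {
        echo 'unsafe: ', render_stats_unsafe($query['player_id']), "\n";
    }
    echo 'safe:   ', render_stats_safe($query), "\n\n";
}
```

In WordPress code the same two steps are usually written with the core helpers absint() for validation and esc_attr() / esc_html() for output encoding.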
Exploiting this vulnerability can lead to a range of malicious activities, such as stealing sensitive information like passwords, session cookies, and other valuable user data. It can also be used to redirect users to fake or malicious websites, or to perform other actions not authorized by the user. In short, this vulnerability can allow attackers to gain full control over the victim's website and data.
In conclusion, FV Flowplayer Video Player users are urged to take necessary precautions to prevent their sites from being compromised by this vulnerability. By subscribing to pro features at s4e.io, individuals can quickly and efficiently identify and eliminate vulnerabilities present in their digital assets. Don't wait until it's too late – protect your website today.