Medium severity5.4NVD Advisory· Published Jan 15, 2021· Updated Jun 17, 2026
CVE-2020-35748
CVE-2020-35748
Description
Cross-site scripting (XSS) vulnerability in models/list-table.php in the FV Flowplayer Video Player plugin before 7.4.37.727 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the fv_wp_fvvideoplayer_src JSON field in the data parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/FV Flowplayer Video Player plugindescription
- Range: <7.4.37.727
Patches
Vulnerability mechanics
References
1- docs.google.com/document/d/1xUTEmWqfy3u3KBSTjxCAGe3gIF15awFmzgCXrKfVl2U/editnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.