Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

FWDesign

Source -

CNA

BOS Name -

N/A

CNA CVEs -

5

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
5Vulnerabilities found
CVE-2025-49430
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.2||HIGH
EPSS-0.06% / 17.60%
||
7 Day CHG~0.00%
Published-09 Sep, 2025 | 16:26
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ultimate Video Player Plugin <= 10.1 - Server Side Request Forgery (SSRF) Vulnerability

Server-Side Request Forgery (SSRF) vulnerability in FWDesign Ultimate Video Player fwduvp allows Server Side Request Forgery.This issue affects Ultimate Video Player: from n/a through <= 10.1.

Action-Not Available
Vendor-FWDesign
Product-Ultimate Video Player
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-49432
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 19.78%
||
7 Day CHG~0.00%
Published-15 Aug, 2025 | 15:13
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ultimate Video Player Plugin <= 10.1 - Broken Access Control Vulnerability

Missing Authorization vulnerability in FWDesign Ultimate Video Player fwduvp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Video Player: from n/a through <= 10.1.

Action-Not Available
Vendor-FWDesign
Product-Ultimate Video Player
CWE ID-CWE-862
Missing Authorization
CVE-2025-28955
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.50% / 66.33%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 11:28
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Video Player Wordpress & WooCommerce plugin <= 10.0 - Arbitrary File Download Vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in FWDesign Easy Video Player Wordpress & WooCommerce fwdevp allows Path Traversal.This issue affects Easy Video Player Wordpress & WooCommerce: from n/a through <= 10.0.

Action-Not Available
Vendor-FWDesign
Product-Easy Video Player Wordpress & WooCommerce
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-10804
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-7.5||HIGH
EPSS-1.85% / 83.41%
||
7 Day CHG~0.00%
Published-07 Mar, 2025 | 08:21
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ultimate Video Player <= 10.0 - Unauthenticated Arbitrary File Download

The Ultimate Video Player WordPress & WooCommerce Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 10.0 via the content/downloader.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.

Action-Not Available
Vendor-FWDesign
Product-Ultimate Video Player WordPress & WooCommerce Plugin
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-10803
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-7.5||HIGH
EPSS-4.08% / 88.82%
||
7 Day CHG~0.00%
Published-23 Nov, 2024 | 07:38
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MP3 Sticky Player <= 8.0 - Unauthenticated Arbitrary File Read/Download

The MP3 Sticky Player plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.0 via the content/downloader.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. Please note the vendor released the patched version as the same version as the affected version.

Action-Not Available
Vendor-FWDesignfwdesign
Product-MP3 Sticky Playermp3_sticky_player
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')