Browse all 5 CVE security advisories affecting FWDesign. AI-powered Chinese analysis, POCs, and references for each vulnerability.
FWDesign develops network security solutions focusing on firewall and threat prevention systems. Historically, their products have been vulnerable to remote code execution, cross-site scripting, and privilege escalation flaws, with five CVEs documented. Security researchers have identified authentication bypass and input validation weaknesses in their web management interfaces. While no major public breaches have been reported, the consistent pattern of vulnerabilities in administrative components suggests potential exposure risks. Their security posture appears to prioritize functionality over robust hardening, with several flaws allowing unauthorized system access or configuration changes.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-49430 | WordPress Ultimate Video Player Plugin <= 10.1 - Server Side Request Forgery (SSRF) Vulnerability — Ultimate Video PlayerCWE-918 | 7.2 | High | 2025-09-09 |
| CVE-2025-49432 | WordPress Ultimate Video Player Plugin <= 10.1 - Broken Access Control Vulnerability — Ultimate Video PlayerCWE-862 | 5.3 | Medium | 2025-08-15 |
| CVE-2025-28955 | WordPress Easy Video Player Wordpress & WooCommerce plugin <= 10.0 - Arbitrary File Download Vulnerability — Easy Video Player Wordpress & WooCommerceCWE-22 | 7.5 | High | 2025-07-16 |
| CVE-2024-10804 | Ultimate Video Player <= 10.0 - Unauthenticated Arbitrary File Download — Ultimate Video Player WordPress & WooCommerce PluginCWE-22 | 7.5 | High | 2025-03-07 |
| CVE-2024-10803 | MP3 Sticky Player <= 8.0 - Unauthenticated Arbitrary File Read/Download — MP3 Sticky PlayerCWE-22 | 7.5 | High | 2024-11-23 |
This page lists every published CVE security advisory associated with FWDesign. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.