The FV Flowplayer Video Player plugin for WordPress is a program that can be used to add videos to WordPress websites. Unfortunately, it is vulnerable to a type of attack called Reflected Cross-Site Scripting, which can be used by unauthenticated attackers to inject malicious code into WordPress pages. This vulnerability exists in versions up to and including 7.2.0.727 due to the plugin not properly sanitizing and encoding user input. Attackers can take advantage of this by creating malicious links which, if clicked on, can cause the malicious code to be executed.