3 matches found
EUVD-2026-45400
The Flow Payment plugin for WordPress flow.cl version 3.0.8 is vulnerable to reflected cross-site scripting on the WooCommerce checkout page. When the plugin handles an order cancellation, the errormessage GET parameter is passed directly to wcaddnotice in flowpayment-fl.php lines 57-58 without...
CVE-2026-57857
The Flow Payment plugin for WordPress (flow.cl) v3.0.8 is affected by a reflected cross-site scripting (XSS) on the WooCommerce checkout page. The vulnerability arises because error_message from an order-cancellation flow is passed directly to wc_add_notice() in flowpayment-fl.php (lines 57–58) w...
CVE-2026-57857 Flow Payment Plugin for WordPress Reflected Cross-Site Scripting via error_message Parameter
The Flow Payment plugin for WordPress flow.cl version 3.0.8 is vulnerable to reflected cross-site scripting on the WooCommerce checkout page. When the plugin handles an order cancellation, the errormessage GET parameter is passed directly to wcaddnotice in flowpayment-fl.php lines 57-58 without...