24 matches found
EUVD-2025-26542
Malicious code in bioql PyPI...
EUVD-2024-35410
Malicious code in bioql PyPI...
EUVD-2024-43546
Malicious code in bioql PyPI...
CVE-2025-58625
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Spiffy Plugins WP Flow Plus wp-imageflow2 allows Stored XSS.This issue affects WP Flow Plus: from n/a through = 5.2.5...
CVE-2025-58625
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Spiffy Plugins WP Flow Plus wp-imageflow2 allows Stored XSS.This issue affects WP Flow Plus: from n/a through = 5.2.5...
CVE-2025-58625
CVE-2025-58625 – WP Flow Plus stored XSS A cross-site scripting vulnerability exists in the WordPress plugin WP Flow Plus (Spiffy Plugins) affecting versions up to 5.2.5. The flaw stems from improper input neutralization during web page generation, enabling stored XSS. The CVSS v3.1 base score is...
CVE-2025-58625 WordPress WP Flow Plus Plugin <= 5.2.5 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Spiffy Plugins WP Flow Plus wp-imageflow2 allows Stored XSS.This issue affects WP Flow Plus: from n/a through = 5.2.5...
CVE-2025-58625 WordPress WP Flow Plus Plugin <= 5.2.5 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Spiffy Plugins WP Flow Plus wp-imageflow2 allows Stored XSS.This issue affects WP Flow Plus: from n/a through = 5.2.5...
WordPress plugin WP Flow Plus 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...
PT-2025-35758
Name of the Vulnerable Software and Affected Versions: WP Flow Plus versions through 5.2.5 Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Stored Cross-site Scripting XSS. Recommendations: Update WP Flow Plus to a version...
CVE-2024-49695
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Spiffy Plugins WP Flow Plus wp-imageflow2 allows Stored XSS.This issue affects WP Flow Plus: from n/a through = 5.2.3...
CVE-2024-49695
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Spiffy Plugins WP Flow Plus allows Stored XSS.This issue affects WP Flow Plus: from n/a through 5.2.3...
CVE-2024-49695
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Spiffy Plugins WP Flow Plus wp-imageflow2 allows Stored XSS.This issue affects WP Flow Plus: from n/a through = 5.2.3...
CVE-2024-49695
CVE-2024-49695 involves a Stored XSS in WP Flow Plus (WordPress) due to improper input neutralization during web page generation in versions up to 5.2.3. The vulnerability affects WP Flow Plus and can be mitigated by upgrading to version 5.2.4 or later, per Patchstack and related sources. The CVE...
CVE-2024-49695 WordPress WP Flow Plus plugin <= 5.2.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Spiffy Plugins WP Flow Plus wp-imageflow2 allows Stored XSS.This issue affects WP Flow Plus: from n/a through = 5.2.3...
PT-2024-33648 · WordPress · Wp Flow Plus
Name of the Vulnerable Software and Affected Versions: WP Flow Plus versions through 5.2.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations: For WP Flow Plu...
WordPress plugin WP Flow Plus 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress WP Flow Plus plugin <= 5.2.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by theviper17 Patchstack Alliance in WordPress Plugin WP Flow Plus versions = 5.2.3...
WordPress WP Flow Plus Plugin <= 5.2.3 is vulnerable to Cross Site Scripting (XSS)
Software WP Flow Plus Type Plugin Vulnerable versions = 5.2.3 Fixed in 5.2.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49695 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 744e1a3e2d91 Credits theviper17 Required privilege Contributor...
CVE-2024-35651
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Spiffy Plugins WP Flow Plus allows Stored XSS.This issue affects WP Flow Plus: from n/a through 5.2.2...