3 matches found
CVE-2024-49695 WordPress WP Flow Plus plugin <= 5.2.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Spiffy Plugins WP Flow Plus wp-imageflow2 allows Stored XSS.This issue affects WP Flow Plus: from n/a through = 5.2.3...
CVE-2024-49695
CVE-2024-49695 involves a Stored XSS in WP Flow Plus (WordPress) due to improper input neutralization during web page generation in versions up to 5.2.3. The vulnerability affects WP Flow Plus and can be mitigated by upgrading to version 5.2.4 or later, per Patchstack and related sources. The CVE...
WordPress WP Flow Plus Plugin <= 5.2.3 is vulnerable to Cross Site Scripting (XSS)
Software WP Flow Plus Type Plugin Vulnerable versions = 5.2.3 Fixed in 5.2.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49695 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 744e1a3e2d91 Credits theviper17 Required privilege Contributor...