WordPress FlatPM <3.0.13 - Cross-Site Scripting

WordPress FlatPM plugin before 3.0.13 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape certain parameters before outputting them back in pages, which can be exploited against high privilege users such as admin. An attacker can steal cookie-based authenticatio...

CVE-2026-0690

The FlatPM – Ad Manager, AdSense and Custom Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rankmathdescription' custom field in all versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for...

WordPress FlatPM - Ad Manager, AdSense and Custom Code plugin <= 3.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Post Meta vulnerability

WordPress FlatPM - Ad Manager, AdSense and Custom Code plugin = 3.2.2 - Authenticated Contributor+ Stored Cross-Site Scripting via Custom Post Meta vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin FlatPM versions = 3.2.2...

CVE-2026-0690

The FlatPM – Ad Manager, AdSense and Custom Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rankmathdescription' custom field in all versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2026-0690 FlatPM – Ad Manager, AdSense and Custom Code <= 3.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Post Meta

The FlatPM – Ad Manager, AdSense and Custom Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rankmathdescription' custom field in all versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2026-0690

CVE-2026-0690 involves the WordPress plugin FlatPM – Ad Manager, AdSense and Custom Code. Multiple sources confirm a Stored Cross-Site Scripting (XSS) flaw in all versions up to and including 3.2.2, caused by insufficient input sanitization and output escaping of the rank_math_description/custom ...

CVE-2026-0690 FlatPM – Ad Manager, AdSense and Custom Code <= 3.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Post Meta

The FlatPM – Ad Manager, AdSense and Custom Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rankmathdescription' custom field in all versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2026-0690

The FlatPM – Ad Manager, AdSense and Custom Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rankmathdescription' custom field in all versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for...

PT-2026-3577

Name of the Vulnerable Software and Affected Versions FlatPM – Ad Manager, AdSense and Custom Code plugin for WordPress versions through 3.2.2 Description The FlatPM – Ad Manager, AdSense and Custom Code plugin for WordPress has a Stored Cross-Site Scripting issue. This is due to inadequate...

WordPress plugin FlatPM – Ad Manager, AdSense, and Custom Code: Cross-site Script Vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

EUVD-2024-26797

Malicious code in bioql PyPI...

CVE-2024-29803

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mehanoid.Pro FlatPM allows Stored XSS.This issue affects FlatPM: from n/a before 3.1.05...

CVE-2022-3934

The FlatPM WordPress plugin before 3.0.13 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-29803

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mehanoid.Pro FlatPM allows Stored XSS.This issue affects FlatPM: from n/a before 3.1.05...

CVE-2024-29803

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mehanoid.Pro FlatPM allows Stored XSS.This issue affects FlatPM: from n/a before 3.1.05...

CVE-2024-29803 WordPress FlatPM plugin < 3.1.05 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mehanoid.Pro FlatPM allows Stored XSS.This issue affects FlatPM: from n/a before 3.1.05...

CVE-2024-29803 WordPress FlatPM plugin < 3.1.05 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mehanoid.Pro FlatPM allows Stored XSS.This issue affects FlatPM: from n/a before 3.1.05...

CVE-2024-29803

CVE-2024-29803 is a Stored XSS in FlatPM (Mehanoid.Pro) for WordPress, exploitable via the FlatPM plugin before 3.1.05. Root cause: improper input neutralization in web page generation. Impact: MEDIUM (CVSS 3.1 base 6.5) with potential confidentiality/integrity/availability impacts as described; ...

WordPress Plugin FlatPM 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

PT-2024-23048 · Mehanoid.Pro · Flatpm

Name of the Vulnerable Software and Affected Versions: FlatPM versions prior to 3.1.05 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows Stored XSS in Mehanoid.Pro FlatPM. Recommendations: For...