WordPress FlatPM - Ad Manager, AdSense and Custom Code plugin <= 3.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Post Meta vulnerability

WordPress FlatPM - Ad Manager, AdSense and Custom Code plugin = 3.2.2 - Authenticated Contributor+ Stored Cross-Site Scripting via Custom Post Meta vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin FlatPM versions = 3.2.2...

CVE-2026-0690

The FlatPM – Ad Manager, AdSense and Custom Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rankmathdescription' custom field in all versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2026-0690 FlatPM – Ad Manager, AdSense and Custom Code <= 3.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Post Meta

The FlatPM – Ad Manager, AdSense and Custom Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rankmathdescription' custom field in all versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2026-0690

CVE-2026-0690 involves the WordPress plugin FlatPM – Ad Manager, AdSense and Custom Code. Multiple sources confirm a Stored Cross-Site Scripting (XSS) flaw in all versions up to and including 3.2.2, caused by insufficient input sanitization and output escaping of the rank_math_description/custom ...

WordPress plugin FlatPM – Ad Manager, AdSense, and Custom Code: Cross-site Script Vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-3577

Name of the Vulnerable Software and Affected Versions FlatPM – Ad Manager, AdSense and Custom Code plugin for WordPress versions through 3.2.2 Description The FlatPM – Ad Manager, AdSense and Custom Code plugin for WordPress has a Stored Cross-Site Scripting issue. This is due to inadequate...

CVE-2022-3934

The FlatPM WordPress plugin before 3.0.13 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

WordPress Plugin FlatPM 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

CVE-2022-3934

The FlatPM WordPress plugin before 3.0.13 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...