7 matches found
WordPress Flex Guten Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin Flex Guten, which stems from insufficient input cleanup and escaping, and can be exploited by an attacke...
CVE-2025-6256
The Flex Guten plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘thumbnailHoverEffect’ parameter in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-6256
The Flex Guten plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘thumbnailHoverEffect’ parameter in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-6256
Flex Guten — Multile Blocks (WordPress plugin) versions up to 1.2.5 are affected by Stored Cross-Site Scripting via the thumbnailHoverEffect parameter, caused by insufficient input sanitization and output escaping. Exploitation requires Contributor-level access or higher from authenticated users,...
CVE-2025-6256 Flex Guten <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via thumbnailHoverEffect Parameter
The Flex Guten plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘thumbnailHoverEffect’ parameter in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2025-32031 · WordPress · Flex Guten
Name of the Vulnerable Software and Affected Versions: Flex Guten plugin for WordPress versions up to and including 1.2.5 Description: The Flex Guten plugin for WordPress is susceptible to Stored Cross-Site Scripting via the thumbnailHoverEffect parameter due to insufficient input sanitization an...
WordPress Flex Guten plugin <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via thumbnailHoverEffect Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via thumbnailHoverEffect Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Flex Guten versions = 1.2.5...