6 matches found
CVE-2025-9129
The Flexi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin for WordPress's flexi-form-tag shortcode in all versions up to, and including, 4.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress Flexi plugin <= 4.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via flexi-form-tag Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via flexi-form-tag Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Flexi – Guest Submit versions = 4.28...
EUVD-2025-32251
Malicious code in bioql PyPI...
CVE-2025-9129
The Flexi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin for WordPress's flexi-form-tag shortcode in all versions up to, and including, 4.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-9129
CVE-2025-9129 describes a Stored Cross-Site Scripting flaw in the WordPress Flexi plugin (up to version 4.28) via the flexi-form-tag shortcode. The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, allowing authenticated attackers with contributor-...
PT-2025-40483
Name of the Vulnerable Software and Affected Versions Flexi plugin for WordPress versions up to and including 4.28 Description The Flexi plugin for WordPress is susceptible to Stored Cross-Site Scripting through the flexi-form-tag shortcode. Insufficient input sanitization and output escaping on...