58 matches found
WordPress Flo Forms plugin <= 1.0.43 - Unauthenticated Stored Cross-Site Scripting via SVG Upload vulnerability
Unauthenticated Stored Cross-Site Scripting via SVG Upload vulnerability discovered by Moose Love - Nagasaki Prefectural University in WordPress Plugin Flo Forms versions = 1.0.43...
CVE-2025-13159
The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.0.43. This is due to the plugin allowing SVG file uploads via an unauthenticated AJAX endpoint floformsubmit without proper...
EUVD-2025-198392
The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.0.43. This is due to the plugin allowing SVG file uploads via an unauthenticated AJAX endpoint floformsubmit without proper...
CVE-2025-13159
The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.0.43. This is due to the plugin allowing SVG file uploads via an unauthenticated AJAX endpoint floformsubmit without proper...
CVE-2025-13159
Flo Forms – Easy Drag & Drop Form Builder for WordPress (≤ v1.0.43) is affected by an unauthenticated stored XSS via SVG uploads. The vulnerability arises from accepting SVG uploads through the flo_form_submit endpoint without proper content validation, enabling attackers to place JavaScript in S...
CVE-2025-13159 Flo Forms – Easy Drag & Drop Form Builder <= 1.0.43 - Unauthenticated Stored Cross-Site Scripting via SVG Upload
The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.0.43. This is due to the plugin allowing SVG file uploads via an unauthenticated AJAX endpoint floformsubmit without proper...
PT-2025-47702
Name of the Vulnerable Software and Affected Versions Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress versions up to and including 1.0.43 Description The Flo Forms plugin for WordPress is susceptible to Stored Cross-Site Scripting through SVG file uploads. The plugin permits SVG fi...
WordPress plugin Flo Forms 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...
EUVD-2023-51790
Malicious code in bioql PyPI...
EUVD-2025-10457
Malicious code in bioql PyPI...
EUVD-2023-39129
Malicious code in bioql PyPI...
EUVD-2024-35227
Malicious code in bioql PyPI...
EUVD-2021-34194
Malicious code in bioql PyPI...
CVE-2024-35174
Missing Authorization vulnerability in Flothemes Flo Forms.This issue affects Flo Forms: from n/a through 1.0.42...
CVE-2023-35095
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Flothemes Flo Forms – Easy Drag & Drop Form Builder plugin = 1.0.40 versions...
CVE-2023-47692
Missing Authorization vulnerability in flothemesplugins Flo Forms flo-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flo Forms: from n/a through = 1.0.41...
CVE-2021-4367
The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Options Change by using the floimportformsoptions AJAX action in versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping along with missing...
CVE-2025-32213
Missing Authorization vulnerability in flothemesplugins Flo Forms flo-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flo Forms: from n/a through = 1.0.43...
CVE-2025-32213
Missing Authorization vulnerability in flothemesplugins Flo Forms flo-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flo Forms: from n/a through = 1.0.43...
CVE-2025-32213
CVE-2025-32213 (Flo Forms – Flo Forms plugin for WordPress) is a Missing Authorization vulnerability in Flo Forms