CVE-2025-58625

CVE-2025-58625 – WP Flow Plus stored XSS A cross-site scripting vulnerability exists in the WordPress plugin WP Flow Plus (Spiffy Plugins) affecting versions up to 5.2.5. The flaw stems from improper input neutralization during web page generation, enabling stored XSS. The CVSS v3.1 base score is...

CVE-2025-58625 WordPress WP Flow Plus Plugin <= 5.2.5 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Spiffy Plugins WP Flow Plus wp-imageflow2 allows Stored XSS.This issue affects WP Flow Plus: from n/a through = 5.2.5...

CVE-2025-58625 WordPress WP Flow Plus Plugin <= 5.2.5 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Spiffy Plugins WP Flow Plus wp-imageflow2 allows Stored XSS.This issue affects WP Flow Plus: from n/a through = 5.2.5...

WordPress plugin WP Flow Plus 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

WordPress WP Flow Plus plugin <= 5.2.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by theviper17 Patchstack Alliance in WordPress Plugin WP Flow Plus versions = 5.2.3...

CVE-2024-35651 WordPress WP Flow Plus plugin <= 5.2.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Spiffy Plugins WP Flow Plus allows Stored XSS.This issue affects WP Flow Plus: from n/a through 5.2.2...