Vulnerabilities and security researches forflamingo flamingo

Jun 07, 2024

CVE, Research URL: 022a9997dfc335fe7d818f90b085eb691dd3ba3c
Home page URL: Security reports for Flamingo
Application: Flamingo
Date: Jan 28, 2020
Research Description: Flamingo [flamingo] < 2.1.1 WordPress Flamingo plugin <= 2.1 - CSV Injection vulnerability CSV Injection vulnerability found by Vishnupriya Ilango (FortiGuard Labs) in WordPress Flamingo plugin (versions <= 2.1).
Affected versions: max 2.1.1.
Status: vulnerable

Apr 16, 2025

PSC, Research URL: PSC-2025-64564
Home page URL: Security reports for Flamingo
Application: Flamingo
Date: Apr 16, 2025
Research Description: When it comes to handling communication on WordPress websites, Contact Form 7 is one of the most popular plugins for form submissions. However, it doesn’t store messages by default. This is where Flamingo steps in—a reliable message storage plugin that captures all submissions directly into the WordPress database. Whether it’s email delivery issues or server misconfigurations, Flamingo ensures no submitted message is ever lost. With version 2.6.1 of Flamingo successfully passing the Plugin Security Certification (PSC-2024-64564) by CleanTalk, users can now rely on not just functionality, but verified code security when storing contact form submissions. The certification guarantees that Flamingo adheres to secure coding standards and doesn’t introduce vulnerabilities into the site it’s installed on.
Affected versions: Min 2.6.2, max 2.6.2.
Status: SAFE & CERTIFIED

Jun 16, 2026

CVE, Research URL: 6f1dbe1807131bec085dd56cfbb9c0f2fe72fd1f
Home page URL: Security reports for Flamingo
Application: Flamingo
Date: Jan 15, 2020
Research Description: Flamingo [flamingo] < 2.1.1 Flamingo <= 2.1 - CSV Injection A CSV Injection vulnerability was discovered in Flamingo up to version 2.1. It allows a user with low level privileges to inject OS command that will be included in the exported CSV file, leading to possible command/code execution.
Affected versions: max 2.1.1.
Status: vulnerable

CVE, Research URL: 810a985f-b671-4a69-b9c3-7f35d72e84de
Home page URL: Security reports for Flamingo
Application: Flamingo
Date: -
Research Description: Flamingo [flamingo] < 2.1.1 Flamingo < 2.1.1 - CSV Injection The Flamingo WordPress plugin was affected by a CSV Injection security vulnerability.
Affected versions: max 2.1.1.
Status: vulnerable