Vulnerabilities and security researches forflo-forms flo-forms

Jun 06, 2024

CVE, Research URL: CVE-2024-35174
Home page URL: Security reports for Flo Forms – Easy Drag & Drop Form Builder
Application: Flo Forms – Easy Drag & Drop Form Builder
Date: May 17, 2024
Research Description: Missing Authorization vulnerability in Flothemes Flo Forms.This issue affects Flo Forms: from n/a through 1.0.42.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: a80bef1d600c161992317c0fbd9c97ee7f053d59
Home page URL: Security reports for Flo Forms – Easy Drag & Drop Form Builder
Application: Flo Forms – Easy Drag & Drop Form Builder
Date: Mar 16, 2021
Research Description: Flo Forms – Easy Drag & Drop Form Builder [flo-forms] < 1.0.36 WordPress Flo Forms plugin <= 1.0.35 - Authenticated Options Change & Stored Cross-Site Scripting (XSS) vulnerability Authenticated Options Change & Stored Cross-Site Scripting (XSS) vulnerability discovered by NinTechNet in WordPress Flo Forms plugin (versions <= 1.0.35).
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2021-4367
Home page URL: Security reports for Flo Forms – Easy Drag & Drop Form Builder
Application: Flo Forms – Easy Drag & Drop Form Builder
Date: Jun 07, 2023
Research Description: The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Options Change by using the flo_import_forms_options AJAX action in versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping along with missing capability checks. This makes it possible for authenticated attackers, like subscribers, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-35095
Home page URL: Security reports for Flo Forms – Easy Drag & Drop Form Builder
Application: Flo Forms – Easy Drag & Drop Form Builder
Date: Jun 20, 2023
Research Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Flothemes Flo Forms – Easy Drag & Drop Form Builder plugin <= 1.0.40 versions.
Affected versions: Min -, max -.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2023-47692
Home page URL: Security reports for Flo Forms – Easy Drag & Drop Form Builder
Application: Flo Forms – Easy Drag & Drop Form Builder
Date: Jan 02, 2025
Research Description: Missing Authorization vulnerability in Flothemes Flo Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flo Forms: from n/a through 1.0.41.
Affected versions: Min -, max -.
Status: vulnerable

Apr 11, 2025

CVE, Research URL: CVE-2025-32213
Home page URL: Security reports for Flo Forms – Easy Drag & Drop Form Builder
Application: Flo Forms – Easy Drag & Drop Form Builder
Date: Apr 10, 2025
Research Description: Missing Authorization vulnerability in flothemesplugins Flo Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Flo Forms: from n/a through 1.0.43.
Affected versions: Min -, max -.
Status: vulnerable