cleantalk
Vulnerabilities and Security Researches

Canvasflow for WordPress, CVE-2024-12275

CVE, Research URL

CVE-2024-12275

Home page URL

Security reports for Canvasflow for WordPress

Application

Canvasflow for WordPress

Published on
Jan 31, 2025
Research Description
The Canvasflow for WordPress plugin through 1.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Affected versions
max 1.5.5.
Status
vulnerable
Previous vulnerability researches
Canvasflow for WordPress (CVE-2024-12275) , Jan 16, 2025
Canvas-Nest.js (4b84d764e3bf46d7160301babd069b664979f068) , Jul 05, 2024
canvasio3D Light (CVE-2024-34411) , Jun 07, 2024
canvasio3D Light (CVE-2023-45062) , Jun 07, 2024
canvasio3D Light (CVE-2023-48776) , Jun 10, 2024
New vulnerability
Canvas (CVE-2026-9629) , Jun 14, 2026
WP Statistics (CVE-2026-48839) , Jun 14, 2026
WP Statistics (CVE-2026-3488) , Jun 14, 2026
WP Statistics (CVE-2026-5231) , Jun 14, 2026
FAQ Manager For Divi, Gutenberg Block & Shortcode (CVE-2023-33999) , Jun 14, 2026