cleantalk
Vulnerabilities and Security Researches

Flamingo, PSC-2025-64564

PSC, Research URL

PSC-2025-64564

Home page URL

Security reports for Flamingo

Application

Flamingo

Published on
Apr 16, 2025
Research Description
When it comes to handling communication on WordPress websites, Contact Form 7 is one of the most popular plugins for form submissions. However, it doesn’t store messages by default. This is where Flamingo steps in—a reliable message storage plugin that captures all submissions directly into the WordPress database. Whether it’s email delivery issues or server misconfigurations, Flamingo ensures no submitted message is ever lost. With version 2.5 of Flamingo successfully passing the Plugin Security Certification (PSC-2024-64564) by CleanTalk, users can now rely on not just functionality, but verified code security when storing contact form submissions. The certification guarantees that Flamingo adheres to secure coding standards and doesn’t introduce vulnerabilities into the site it’s installed on.
Affected versions
Min 2.4, max 2.5.
Status
SAFE & CERTIFIED
Previous vulnerability researches
Advanced Flamingo (CVE-2023-52226) , Jun 07, 2024
Flamingo , Apr 16, 2025
Flamingo (022a9997dfc335fe7d818f90b085eb691dd3ba3c) , Jun 07, 2024
New vulnerability
Able Player, accessible HTML5 media player (CVE-2025-46475) , Apr 26, 2025
Dropdown Content (CVE-2025-46478) , Apr 26, 2025
BeerXML Shortcode (CVE-2025-46511) , Apr 26, 2025
WP AVCL Automation Helper (formerly WPFlyLeads) (CVE-2025-46531) , Apr 26, 2025
Multi-Column Taxonomy List (CVE-2025-46491) , Apr 26, 2025