cleantalk
Vulnerabilities and Security Researches

flowpaper, CVE-2023-5200

CVE, Research URL

CVE-2023-5200

Home page URL

Security reports for flowpaper

Application

flowpaper

Published on
Oct 20, 2023
Research Description
The flowpaper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'flipbook' shortcode in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 2.0.4.
Status
vulnerable
Previous vulnerability researches
flowpaper (CVE-2023-5200) , Jun 07, 2024
flowpaper (CVE-2023-40197) , Jun 07, 2024
New vulnerability
Sunshine Photo Cart: Free Client Galleries for Photographers (CVE-2025-5482) , Jun 13, 2025
OpenSheetMusicDisplay (CVE-2025-5235) , Jun 13, 2025
Arconix Shortcodes (CVE-2025-47673) , Jun 12, 2025
Slim SEO – Fast & Automated WordPress SEO Plugin (CVE-2025-4611) , Jun 12, 2025
AutomatorWP – The #1 automator plugin for no-code automation in WordPress (CVE-2025-48280) , Jun 11, 2025