cleantalk
Vulnerabilities and Security Researches

SEO Flow by LupsOnline, CVE-2025-48146

CVE, Research URL

CVE-2025-48146

Home page URL

Security reports for SEO Flow by LupsOnline

Application

SEO Flow by LupsOnline

Published on
May 16, 2025
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in Michael Lups SEO Flow by LupsOnline allows Stored XSS. This issue affects SEO Flow by LupsOnline: from n/a through 2.2.0.
Affected versions
Min -, max 2.2.0.
Status
vulnerable
Previous vulnerability researches
Icegram Collect – Easy Form, Lead Collection and Subscription plugin (CVE-2024-43273) , Aug 16, 2024
Icegram Collect – Easy Form, Lead Collection and Subscription plugin (CVE-2023-25024) , Jun 07, 2024
Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building (CVE-2016-10963) , Jun 07, 2024
Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building (CVE-2019-15830) , Jun 07, 2024
Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building (CVE-2023-52119) , Jun 07, 2024
New vulnerability
Wise Chat (CVE-2024-13613) , May 18, 2025
WP Booking Calendar (CVE-2025-4669) , May 18, 2025
WooCommerce POS (CVE-2025-48117) , May 18, 2025
BERTHA AI. Your AI co-pilot for WordPress and Chrome (CVE-2025-48138) , May 18, 2025
SEO Flow by LupsOnline (CVE-2025-48146) , May 18, 2025