cleantalk
Vulnerabilities and Security Researches

WP Flow Plus, CVE-2025-58625

CVE, Research URL

CVE-2025-58625

Home page URL

Security reports for WP Flow Plus

Application

WP Flow Plus

Published on
Sep 03, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins WP Flow Plus allows Stored XSS. This issue affects WP Flow Plus: from n/a through 5.2.5.
Affected versions
Min -, max 5.2.6.
Status
vulnerable
Previous vulnerability researches
Tripadvisor Shortcode (CVE-2025-48313) , Aug 30, 2025
New vulnerability
LTL Freight Quotes – Day & Ross Edition (CVE-2025-58642) , Sep 06, 2025
Sticky Side Buttons (5050bee0d08fa2179495d87f142ada0e346f4e05) , Sep 06, 2025
Brizy – Page Builder (CVE-2025-58594) , Sep 06, 2025
Mobile Contact Line (CVE-2025-58622) , Sep 06, 2025
Easy Timer (CVE-2025-9519) , Sep 06, 2025