cleantalk
Vulnerabilities and Security Researches

WP Flow Plus, CVE-2025-58625

CVE, Research URL

CVE-2025-58625

Home page URL

Security reports for WP Flow Plus

Application

WP Flow Plus

Published on
Sep 03, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins WP Flow Plus allows Stored XSS. This issue affects WP Flow Plus: from n/a through 5.2.5.
Affected versions
Min -, max 5.2.6.
Status
vulnerable
Previous vulnerability researches
WP Flow Plus (CVE-2024-35651) , Jun 06, 2024
WP Flow Plus (CVE-2024-49695) , Oct 25, 2024
WP Flow Plus (CVE-2025-58625) , Sep 06, 2025
New vulnerability
Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor (CVE-2025-58783) , Sep 06, 2025
WordPress Error Monitoring by Bugsnag (CVE-2025-58806) , Sep 06, 2025
金数据 (CVE-2025-58864) , Sep 06, 2025
Recent Posts Widget Extended (CVE-2025-6757) , Sep 06, 2025
Easy Download Media Counter (CVE-2025-58867) , Sep 06, 2025