Vulnerabilities > Flothemes

DATE CVE VULNERABILITY TITLE RISK
2023-06-20 CVE-2023-35095 Cross-site Scripting vulnerability in Flothemes FLO Forms
Auth.
network
low complexity
flothemes CWE-79
4.8
2023-06-07 CVE-2021-4367 Cross-site Scripting vulnerability in Flothemes FLO Forms
The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Options Change by using the flo_import_forms_options AJAX action in versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping along with missing capability checks.
network
low complexity
flothemes CWE-79
5.4
2022-04-25 CVE-2022-0541 Unspecified vulnerability in Flothemes Flo-Launch
The flo-launch WordPress plugin before 2.4.1 injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flo_custom_table_prefix cookie to an arbitrary value.
network
low complexity
flothemes
critical
9.8