Vulnerabilities > Flothemes > FLO Forms

DATE CVE VULNERABILITY TITLE RISK
2023-06-20 CVE-2023-35095 Cross-site Scripting vulnerability in Flothemes FLO Forms
Auth.
network
low complexity
flothemes CWE-79
4.8
4.8
2023-06-07 CVE-2021-4367 Cross-site Scripting vulnerability in Flothemes FLO Forms
The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Options Change by using the flo_import_forms_options AJAX action in versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping along with missing capability checks.
network
low complexity
flothemes CWE-79
5.4
5.4