Browse all 4 CVE security advisories affecting flothemesplugins. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Flothemesplugins develops WordPress themes and plugins for website building, with four CVEs recorded. Historically, their products have been vulnerable to remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from insufficient input validation and improper access controls. Security researchers have identified consistent patterns in their codebase, including insecure direct object references and inadequate sanitization of user-supplied data. While no major public incidents have been documented, the recurring nature of these vulnerabilities suggests systemic security weaknesses that could potentially lead to complete site compromise or unauthorized access if not promptly addressed.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-13159 | Flo Forms – Easy Drag & Drop Form Builder <= 1.0.43 - Unauthenticated Stored Cross-Site Scripting via SVG Upload | Flo Forms – Easy Drag & Drop Form Builder | CWE-79 | 7.1 | High | 2025-11-21 |
| CVE-2025-32213 | WordPress Flo Forms plugin <= 1.0.43 - Broken Access Control vulnerability | Flo Forms | CWE-862 | 6.5 | Medium | 2025-04-10 |
| CVE-2023-47692 | WordPress Flo Forms plugin <= 1.0.41 - Broken Access Control vulnerability | Flo Forms | CWE-862 | 4.3 | Medium | 2025-01-02 |
| CVE-2021-4367 | Flo Forms – Easy Drag & Drop Form Builder <= 1.0.35 - Options Change to Stored Cross-Site Scripting | Flo Forms – Easy Drag & Drop Form Builder | CWE-79 | 6.4 | Medium | 2023-06-07 |

This page lists every published CVE security advisory associated with flothemesplugins. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.