All 3 CVE vulnerabilities found in Flo Forms – Easy Drag & Drop Form Builder, with AI-generated Chinese analysis, references, and POCs.
Vendor: flothemesplugins
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-13159 | Flo Forms – Easy Drag & Drop Form Builder <= 1.0.43 - Unauthenticated Stored Cross-Site Scripting via SVG Upload CWE-79 | 7.1 | High | 2025-11-21 |
| CVE-2023-35095 | WordPress Flo Forms Plugin <= 1.0.40 is vulnerable to Cross Site Scripting (XSS) CWE-79 | 5.9 | Medium | 2023-06-20 |
| CVE-2021-4367 | Flo Forms – Easy Drag & Drop Form Builder <= 1.0.35 - Options Change to Stored Cross-Site Scripting CWE-79 | 6.4 | Medium | 2023-06-07 |
All 3 known CVE vulnerabilities affecting Flo Forms – Easy Drag & Drop Form Builder with full Chinese analysis, references, and POCs where available.