Cross-site Scripting Flaw in Fast Flow by fastflow
CVE-2025-26868

7.1HIGH

Key Information:

Vendor: WordPress
Status: Fast Flow
Vendor: CVE Published:; 25 February 2025

Summary

The Fast Flow application is susceptible to a Cross-site Scripting (XSS) vulnerability due to improper neutralization of input during web page generation. This reflected XSS issue could allow attackers to inject malicious scripts into web pages viewed by users. Affected versions include all versions up to and including 1.2.16, enabling potential exploitation that could compromise user sessions or gather sensitive information.

Affected Version(s)

Fast Flow <= 1.2.16

References

https://patchstack.com/database/wordpress/plugin/fast-flo...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 25, 2025
Vulnerability Reserved
Feb 17, 2025

Credit

Abdi Pranata (Patchstack Alliance)