MEDIUM
Flow
CVE published 2026-07-18
CVE-2026-57857
The Flow Payment plugin for WordPress version 3.0.8 is vulnerable to reflected cross-site scripting on the WooCommerce checkout page. An unauthenticated attacker can craft a URL containing a JavaScript payload in the error_message parameter. This vulnerability has a CVSS score of 5.1 and a MEDIUM severity. Users of the Flow Payment plugin for WordPress version 3.0.8 should be aware of this vulnerability a [truncated]