PatchSiren

Flow CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Flow CVE published 2026-07-18

CVE-2026-57857

The Flow Payment plugin for WordPress version 3.0.8 is vulnerable to reflected cross-site scripting on the WooCommerce checkout page. An unauthenticated attacker can craft a URL containing a JavaScript payload in the error_message parameter. This vulnerability has a CVSS score of 5.1 and a MEDIUM severity. Users of the Flow Payment plugin for WordPress version 3.0.8 should be aware of this vulnerability a [truncated]