Flexmls Idx
Monthly
A reflected Cross-Site Scripting (XSS) vulnerability exists in the Flexmls® IDX WordPress plugin through version 3.15.9, allowing attackers to inject malicious scripts into web pages that execute in victims' browsers when they click specially crafted links. The vulnerability has a CVSS score of 7.1 and requires user interaction but can impact confidentiality, integrity, and availability across different origins due to its scope change characteristic. While not currently listed in CISA KEV or showing high EPSS scores, the vulnerability represents a moderate risk for WordPress sites using this real estate listing plugin.
A reflected Cross-Site Scripting (XSS) vulnerability exists in the Flexmls® IDX WordPress plugin through version 3.15.9, allowing attackers to inject malicious scripts into web pages that execute in victims' browsers when they click specially crafted links. The vulnerability has a CVSS score of 7.1 and requires user interaction but can impact confidentiality, integrity, and availability across different origins due to its scope change characteristic. While not currently listed in CISA KEV or showing high EPSS scores, the vulnerability represents a moderate risk for WordPress sites using this real estate listing plugin.