CVE-2025-9129 | Flexi Plugin up to 4.28 on WordPress Shortcode flexi-form-tag cross site scripting

A vulnerability classified as problematic was found in Flexi Plugin up to 4.28 on WordPress. The impacted element is the function flexi-form-tag of the component Shortcode Handler. Executing manipulation can lead to cross site scripting.

This vulnerability is tracked as CVE-2025-9129. The attack can be launched remotely. No exploit exists.VulDB Recent EntriesRead More