Advisories

Publicly disclosed vulnerabilities discovered by Fluid Attacks Research Team.

Severity 1.7

A Capture Contact Form (and tab) - Insecure deserialization

CVE-2025-31287

Published: 2025-03-14 12:00 COT

Discovered by Andres Roldan

Severity 4.8

Click-to-Call for Twilio - Reflected cross-site scripting (XSS)

CVE-2025-31288

Published: 2025-03-14 12:00 COT

Discovered by Andres Roldan

Severity 4.8

AIO Cache and Performance - Reflected cross-site scripting (XSS)

CVE-2025-31289

Published: 2025-03-14 12:00 COT

Discovered by Andres Roldan

Severity 1.7

Church Admin - Insecure deserialization

CVE-2025-31290

Published: 2025-03-14 12:00 COT

Discovered by Andres Roldan

Severity 4.8

Batch Validator - Reflected cross-site scripting (XSS)

CVE-2025-31291

Published: 2025-03-14 12:00 COT

Discovered by Andres Roldan

Severity 4.8

Content.ad - Reflected cross-site scripting (XSS)

CVE-2025-31292

Published: 2025-03-14 12:00 COT

Discovered by Andres Roldan

Severity 4.8

Best Rating and Pageviews - Reflected cross-site scripting (XSS)

CVE-2025-31293

Published: 2025-03-14 12:00 COT

Discovered by Andres Roldan

Severity 4.8

Bulk Watermark - Reflected cross-site scripting (XSS)

CVE-2025-31294

Published: 2025-03-14 12:00 COT

Discovered by Andres Roldan

Severity 4.8

AzonPost - Reflected cross-site scripting (XSS)

CVE-2025-31295

Published: 2025-03-14 12:00 COT

Discovered by Andres Roldan

For more information, you can read our Disclosure Policy

Fluid Logo Footer

Testing software security for over 20 years

Fluid Attacks tests applications and other systems, covering all software development stages. Our team assists clients in quickly identifying and managing vulnerabilities to reduce the risk of incidents and deploy secure technology.

Copyright © 0 Fluid Attacks. We hack your software. All rights reserved.