Vulnerabilities and security researches forflow-flow-social-streams flow-flow-social-streams

Jun 07, 2024

CVE, Research URL: f323f92085eab76ce72ef3e953ee307aa7c527e3
Home page URL: Security reports for Flow-Flow Social Feed Stream
Application: Flow-Flow Social Feed Stream
Date: Nov 13, 2018
Research Description: Flow-Flow Social Feed Stream [flow-flow-social-streams] < 3.0.72 (closed) WordPress Flow-Flow Social Stream plugin <= 3.0.71 - Unauthenticated Cross-Site Scripting (XSS) vulnerability Unauthenticated Cross-Site Scripting (XSS) vulnerability found by Alaistair Jerrom-Smith in WordPress Flow-Flow Social Stream plugin (versions <= 3.0.71).
Affected versions: max 3.0.72.
Status: vulnerable

Jan 10, 2026

CVE, Research URL: CVE-2025-13866
Home page URL: Security reports for Flow-Flow Social Feed Stream
Application: Flow-Flow Social Feed Stream
Date: Dec 12, 2025
Research Description: The Flow-Flow Social Feed Stream plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the flow_flow_social_auth AJAX action in versions 3.0.0 to 4.7.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify plugin settings and store arbitrary JavaScript that executes whenever the plugin settings page is viewed.
Affected versions: max 4.7.5.
Status: vulnerable

Jun 16, 2026

CVE, Research URL: 23c7c3e3baf6eecf985cedf59fc7fb4e69633043
Home page URL: Security reports for Flow-Flow Social Feed Stream
Application: Flow-Flow Social Feed Stream
Date: Nov 05, 2018
Research Description: Flow-Flow Social Feed Stream [flow-flow-social-streams] < 3.0.72 (closed) Flow-Flow Social Feed Stream <= 3.0.71 - Cross-Site Scripting The Flow-Flow Social Feed Stream plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.0.71 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
Affected versions: max 3.0.72.
Status: vulnerable

CVE, Research URL: 8354b34e-40f4-4b70-bb09-38e2cf572ce9
Home page URL: Security reports for Flow-Flow Social Feed Stream
Application: Flow-Flow Social Feed Stream
Date: -
Research Description: Flow-Flow Social Feed Stream [flow-flow-social-streams] < 3.0.72 (closed) Flow-Flow Social Stream <= 3.0.71 - Unauthenticated Cross-Site Scripting (XSS) Cross-Site Scripting (XSS) vulnerability in the JSON output by modifying the hash parameter in admin-ajax.php using the fetch_posts action. Response Content-Type set to html.
Affected versions: max 3.0.72.
Status: vulnerable