cleantalk
Vulnerabilities and Security Researches

Flow-Flow Social Feed Stream, 8354b34e-40f4-4b70-bb09-38e2cf572ce9

CVE, Research URL

8354b34e-40f4-4b70-bb09-38e2cf572ce9

Home page URL

Security reports for Flow-Flow Social Feed Stream

Application

Flow-Flow Social Feed Stream

Published on
-
Research Description
Flow-Flow Social Feed Stream [flow-flow-social-streams] < 3.0.72 (closed) Flow-Flow Social Stream &lt;= 3.0.71 - Unauthenticated Cross-Site Scripting (XSS) Cross-Site Scripting (XSS) vulnerability in the JSON output by modifying the hash parameter in admin-ajax.php using the fetch_posts action. Response Content-Type set to html.
Affected versions
max 3.0.72.
Status
vulnerable
Previous vulnerability researches
Flow-Flow Social Feed Stream (CVE-2025-13866) , Jan 10, 2026
Flow-Flow Social Feed Stream (f323f92085eab76ce72ef3e953ee307aa7c527e3) , Jun 07, 2024
Flow-Flow Social Feed Stream (23c7c3e3baf6eecf985cedf59fc7fb4e69633043) , Jun 16, 2026
Flow-Flow Social Feed Stream (8354b34e-40f4-4b70-bb09-38e2cf572ce9) , Jun 16, 2026
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar &#8211; Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026