cleantalk
Vulnerabilities and Security Researches

Flow-Flow Social Feed Stream, 23c7c3e3baf6eecf985cedf59fc7fb4e69633043

CVE, Research URL

23c7c3e3baf6eecf985cedf59fc7fb4e69633043

Home page URL

Security reports for Flow-Flow Social Feed Stream

Application

Flow-Flow Social Feed Stream

Published on
Nov 05, 2018
Research Description
Flow-Flow Social Feed Stream [flow-flow-social-streams] < 3.0.72 (closed) Flow-Flow Social Feed Stream <= 3.0.71 - Cross-Site Scripting The Flow-Flow Social Feed Stream plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.0.71 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
Affected versions
max 3.0.72.
Status
vulnerable
Previous vulnerability researches
My auctions allegro (CVE-2025-27009) , Apr 16, 2025
My auctions allegro (CVE-2024-11707) , Dec 06, 2024
My auctions allegro (CVE-2025-68567) , Jan 10, 2026
My auctions allegro (CVE-2025-68566) , Jan 10, 2026
My auctions allegro (CVE-2025-12851) , Dec 10, 2025
New vulnerability
WP Crowdfunding (3939be2aa6ea7622bafa361ab2eb698af0517408) , Jun 16, 2026
WP-Cron Status Checker (6d8910c719b2a132ec93828cd37e418b19cac960) , Jun 16, 2026
WP-Cron Status Checker (315d63796cd790e0caac845c2ab3d3c01db5196e) , Jun 16, 2026
Open Graph and Twitter Card Tags (d2a6c41972461397c4b4fbb3e37ca688b3cdcef4) , Jun 16, 2026
Open Graph and Twitter Card Tags (94d86780b701970829bbefba21941f3d698e59be) , Jun 16, 2026