Flow-Flow Social Feed Stream

Vulnerabilities 4Slug flow-flow-social-streamsLatest version 4.7.5WordPress.org →Closed

Medium 6.4 Unfixed Closed

2025-12-12≤ 4.7.5

Flow-Flow Social Feed Stream 3.0.0 - 4.7.5 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via flow_flow_social_auth AJAX action

CVE Wordfence

N/A Closed

< 3.0.72

Flow-Flow Social Stream <= 3.0.71 - Unauthenticated Cross-Site Scripting (XSS)

WPScan

N/A Closed

2018-11-05< 3.0.72

Flow-Flow Social Feed Stream <= 3.0.71 - Cross-Site Scripting

Wordfence

N/A Closed

2018-11-13< 3.0.72

WordPress Flow-Flow Social Stream plugin <= 3.0.71 - Unauthenticated Cross-Site Scripting (XSS) vulnerability

Patchstack