WordPress Flow-Flow Social Feed Stream plugin 3.0.0-4.7.5 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting

Missing Authorization to Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by kr0d in WordPress Plugin Flow-Flow Social Stream versions 3.0.0-4.7.5...

EUVD-2025-10572

Malicious code in bioql PyPI...

EUVD-2025-4014

Malicious code in bioql PyPI...

CVE-2025-32677

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in solwininfotech WP Social Stream Designer social-stream-design allows Blind SQL Injection.This issue affects WP Social Stream Designer: from n/a through = 1.3...

CVE-2025-32677

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in solwininfotech WP Social Stream Designer social-stream-design allows Blind SQL Injection.This issue affects WP Social Stream Designer: from n/a through = 1.3...

CVE-2025-32677

CVE-2025-32677 refers to an SQL Injection vulnerability in the WordPress plugin WP Social Stream Designer. The issue arises from improper neutralization of input in an SQL command, enabling a Blind SQL Injection. Affected are WP Social Stream Designer versions at or below 1.3 (per initial record ...

CVE-2025-32677 WordPress WP Social Stream Designer plugin <= 1.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in solwininfotech WP Social Stream Designer social-stream-design allows Blind SQL Injection.This issue affects WP Social Stream Designer: from n/a through = 1.3...

WordPress plugin WP Social Stream Designer SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

PT-2025-15821 · WordPress · Wp Social Stream Designer

Name of the Vulnerable Software and Affected Versions: WP Social Stream Designer versions 1.3 and earlier Description: The issue is related to an SQL Injection vulnerability, specifically an Improper Neutralization of Special Elements used in an SQL Command. This allows for Blind SQL Injection,...

CVE-2025-25074

Cross-Site Request Forgery CSRF vulnerability in Nirmal Kumar Ram WP Social Stream wp-social-stream allows Stored XSS.This issue affects WP Social Stream: from n/a through = 1.1...

CVE-2025-25074

Cross-Site Request Forgery CSRF vulnerability in Nirmal Kumar Ram WP Social Stream wp-social-stream allows Stored XSS.This issue affects WP Social Stream: from n/a through = 1.1...

CVE-2025-25074

CVE-2025-25074 : WordPress WP Social Stream is affected by a CSRF to Stored XSS vulnerability in versions

CVE-2025-25074 WordPress WP Social Stream plugin <= 1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Nirmal Kumar Ram WP Social Stream allows Stored XSS. This issue affects WP Social Stream: from n/a through 1.1...

PT-2025-5913 · Nirmal Kumar Ram · Wp Social Stream

Name of the Vulnerable Software and Affected Versions: WP Social Stream versions 1.1 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS in Nirmal Kumar Ram WP Social Stream. Recommendations: For WP Social Stream versions 1.1 and earlier,...

WordPress plugin WP Social Stream 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

WordPress WP Social Stream plugin <= 1.1 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin WP Social Stream versions = 1.1...

WordPress Flow-Flow Social Stream plugin <= 3.0.71 - Unauthenticated Cross-Site Scripting (XSS) vulnerability

Unauthenticated Cross-Site Scripting XSS vulnerability found by Alaistair Jerrom-Smith in WordPress Flow-Flow Social Stream plugin versions = 3.0.71. Solution Update the WordPress Flow-Flow Social Stream plugin to the latest available version at least 3.0.72...

Flow-Flow Social Stream <= 3.0.71 - Unauthenticated Cross-Site Scripting (XSS)

Cross-Site Scripting XSS vulnerability in the JSON output by modifying the hash parameter in admin-ajax.php using the fetchposts action. Response Content-Type set to html. http://www.example.com/wp-admin/admin-ajax.php?action=fetchposts&stream-id=1&hash=%3Cimg%20src=x%20onerror=alert1%3E...

Flow-Flow Social Stream <= 3.0.71 - Unauthenticated Cross-Site Scripting (XSS)

Cross-Site Scripting XSS vulnerability in the JSON output by modifying the hash parameter in admin-ajax.php using the fetchposts action. Response Content-Type set to html. PoC http://www.example.com/wp-admin/admin-ajax.php?action=fetchposts&stream-id;=1=%3Cimg%20src=x%20onerror=alert1%3E...

Wordpress plugin Social Stream API secret key information leakage vulnerability

WordPress is a blogging platform developed using the PHP language that allows users to set up their own websites on servers that support PHP and MySQL databases. Wordpress plugin Social-Stream uses the Twitter API key as a parameter of the URL link There is an information leakage that can be...