26 matches found
WordPress Flow-Flow Social Feed Stream plugin 3.0.0-4.7.5 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability discovered by kr0d in WordPress Plugin Flow-Flow Social Stream versions 3.0.0-4.7.5...
EUVD-2025-4014
Malicious code in bioql PyPI...
EUVD-2025-10572
Malicious code in bioql PyPI...
CVE-2025-32677
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in solwininfotech WP Social Stream Designer (social-stream-design) allows Blind SQL Injection. This issue affects WP Social Stream Designer: from n/a through <= 1.3...
CVE-2025-32677
CVE-2025-32677 refers to an SQL Injection vulnerability in the WordPress plugin WP Social Stream Designer. The issue arises from improper neutralization of input in an SQL command, enabling a Blind SQL Injection. Affected are WP Social Stream Designer versions at or below 1.3 (per initial record ...
CVE-2025-32677 WordPress WP Social Stream Designer plugin <= 1.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in solwininfotech WP Social Stream Designer (social-stream-design) allows Blind SQL Injection. This issue affects WP Social Stream Designer: from n/a through <= 1.3...
PT-2025-15821 · WordPress · Wp Social Stream Designer
Name of the Vulnerable Software and Affected Versions: WP Social Stream Designer versions 1.3 and earlier. Description: The issue is related to an SQL Injection vulnerability, specifically an Improper Neutralization of Special Elements used in an SQL Command. This allows for Blind SQL Injection,...
WordPress plugin WP Social Stream Designer SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
CVE-2025-25074
Cross-Site Request Forgery (CSRF) vulnerability in Nirmal Kumar Ram WP Social Stream (wp-social-stream) allows Stored XSS. This issue affects WP Social Stream: from n/a through <= 1.1...
CVE-2025-25074 WordPress WP Social Stream plugin <= 1.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Nirmal Kumar Ram WP Social Stream allows Stored XSS. This issue affects WP Social Stream: from n/a through 1.1...
CVE-2025-25074
CVE-2025-25074 : WordPress WP Social Stream is affected by a CSRF to Stored XSS vulnerability in versions
WordPress plugin WP Social Stream cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
PT-2025-5913 · Nirmal Kumar Ram · Wp Social Stream
Name of the Vulnerable Software and Affected Versions: WP Social Stream versions 1.1 and earlier. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS in Nirmal Kumar Ram WP Social Stream. Recommendations: For WP Social Stream versions 1.1 and earlier,...
WordPress WP Social Stream plugin <= 1.1 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin WP Social Stream versions <= 1.1...
WordPress Flow-Flow Social Stream plugin <= 3.0.71 - Unauthenticated Cross-Site Scripting (XSS) vulnerability
Unauthenticated Cross-Site Scripting (XSS) vulnerability found by Alaistair Jerrom-Smith in WordPress Flow-Flow Social Stream plugin versions <= 3.0.71. Solution: Update the WordPress Flow-Flow Social Stream plugin to the latest available version (at least 3.0.72)...
Flow-Flow Social Stream <= 3.0.71 - Unauthenticated Cross-Site Scripting (XSS)
Cross-Site Scripting (XSS) vulnerability in the JSON output by modifying the hash parameter in admin-ajax.php using the fetchposts action. Response Content-Type set to html. PoC: http://www.example.com/wp-admin/admin-ajax.php?action=fetchposts&stream-id=1&hash=%3Cimg%20src=x%20onerror=alert1%3E...
Flow-Flow Social Stream <= 3.0.71 - Unauthenticated Cross-Site Scripting (XSS)
Cross-Site Scripting (XSS) vulnerability in the JSON output by modifying the hash parameter in admin-ajax.php using the fetchposts action. Response Content-Type set to html. http://www.example.com/wp-admin/admin-ajax.php?action=fetchposts&stream-id=1&hash=%3Cimg%20src=x%20onerror=alert1%3E...
WordPress Social-Stream 1.6.0 Twitter API Secret Disclosure
WordPress Plugin Social-Stream - Exposure of Twitter API Secret Keys. CWE-522: Insufficiently Protected Credentials. Products: WordPress Social Stream, versions 1.6.0 and lower (https://codecanyon.net/item/wordpress-social-stream/2201708); Social Network Tabs, versions 1.7.4 and lower...