VYPR

Flow-Flow Social Feed Stream

by WordPress

CVEs (1)

  • CVE-2025-13866MedDec 12, 2025
    risk 0.42cvss 6.4epss 0.00

    The Flow-Flow Social Feed Stream plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the flow_flow_social_auth AJAX action in versions 3.0.0 to 4.7.5. This makes it possible for authenticated attackers, with…