WordPress Plugin Vulnerabilities
Flow-Flow Social Stream <= 3.0.71 - Unauthenticated Cross-Site Scripting (XSS)
Description
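A Cross-Site Scripting (XSS) vulnerability exists in the plugin's JSON output. It is triggered by modifying the hash parameter in a request to admin-ajax.php that uses the fetch_posts action. The response Content-Type is set to html, so the browser renders the JSON body as markup.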
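A log check for the request shape described above, added here as an example (it is not code from the plugin or from the original advisory): it flags admin-ajax.php requests with action=fetch_posts whose hash value falls outside an allowlist. The allowlist pattern, the assumption that both parameters appear in the logged query string, and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a well-formed hash is a short token made of these characters only.
SAFE_HASH = re.compile(r"[A-Za-z0-9._:-]{1,128}")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_fetch_posts(log_line):
    """Return the decoded hash value if the line is a fetch_posts request to
    admin-ajax.php whose hash fails the allowlist, otherwise None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.endswith("/wp-admin/admin-ajax.php"):
        return None
    # parse_qs percent-decodes once, so a double-encoded value still
    # contains '%' afterwards and fails the allowlist as well.
    params = parse_qs(url.query)
    if "fetch_posts" not in params.get("action", []):
        return None
    for value in params.get("hash", []):
        if not SAFE_HASH.fullmatch(value):
            return value
    return None

# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [26/Oct/2018:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=fetch_posts&hash=1540548000.3f2a HTTP/1.1" 200 512',
    '203.0.113.9 - - [26/Oct/2018:10:00:07 +0000] "GET /wp-admin/admin-ajax.php?action=fetch_posts&hash=%3Cb%3Etest HTTP/1.1" 200 498',
    '203.0.113.9 - - [26/Oct/2018:10:00:09 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat&hash=%3Cb%3E HTTP/1.1" 200 20',
    '198.51.100.2 - - [26/Oct/2018:10:01:00 +0000] "GET /index.php?hash=%3Cb%3E HTTP/1.1" 200 9000',
]

def scan(lines):
    """Return (line_number, decoded_hash) for every flagged line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = suspicious_fetch_posts(line)
        if value is not None:
            hits.append((number, value))
    return hits

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious hash {value!r}")
```

Requests that carry the parameters in a POST body do not appear in a standard access log, so this check only covers query-string traffic.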
Proof of Concept
Affects Plugins
References
Classification
Type
XSS
OWASP top 10
CWE
Miscellaneous
Original Researcher
Alaistair Jerrom-Smith
Submitter
Alaistair Jerrom-Smith
Submitter website
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2018-10-26
Added
2018-11-05
Last Updated
2019-11-01