Fast Flow Security & Risk Analysis

wordpress.org/plugins/fast-flow-dashboard

Data dashboard, user tagging and settings plugin for Fast Flow plugins system.

100 active installs · v1.2.18 · PHP 7.4+ · WP 6.5+ · Updated Feb 17, 2025
Tags: dashboard, fast-flow, fastflow, user-tags
89
A · Safe
CVEs total: 4
Unpatched: 0
Last CVE: Feb 22, 2025
Safety Verdict

Is Fast Flow Safe to Use in 2026?

Generally Safe

Score 89/100

Fast Flow has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEs · Last CVE: Feb 22, 2025 · Updated 1yr ago
Risk Assessment

The "fast-flow-dashboard" plugin v1.2.18 presents a mixed security posture. While the code exhibits good practices like a high percentage of prepared SQL statements and properly escaped output, significant concerns exist due to its attack surface. The presence of two AJAX handlers without authentication checks is a critical weakness, potentially allowing unauthorized actions or information disclosure.

Taint analysis coverage in the static scan is limited, and no high or critical severity issues were found in the analyzed flows. However, the dangerous function `unserialize` is present without explicit context for how it is used, which is a red flag: it can be a vector for object injection vulnerabilities if it is not handled with extreme care and proper sanitization. The plugin has a history of four medium severity Cross-site Scripting (XSS) vulnerabilities, the most recent in early 2025. This suggests a recurring pattern of input sanitization or output encoding issues, even though no vulnerabilities are currently unpatched.

Key Concerns

  • Unprotected AJAX handlers detected
  • Dangerous function unserialize detected
  • Medium severity CVEs in vulnerability history
Vulnerabilities
4

Fast Flow Security Vulnerabilities

CVEs by Year

2022: 3 CVEs
2025: 1 CVE

Severity Breakdown

Medium: 4

4 total CVEs

CVE-2025-26868 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Fast Flow <= 1.2.16 - Reflected Cross-Site Scripting

Feb 22, 2025 · Patched in 1.2.18 (10d)

WF-370e816c-920a-4e53-a2f8-afe2806c9df3-fast-flow-dashboard · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Fast Flow <= 1.2.11 - Reflected Cross-Site Scripting

Aug 15, 2022 · Patched in 1.2.12 (526d)

CVE-2022-2775 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Fast Flow <= 1.2.12 - Authenticated (Admin+) Stored Cross-Site Scripting

Jul 31, 2022 · Patched in 1.2.13 (541d)

CVE-2022-1269 · medium · 5.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Fast Flow <= 1.2.10 - Cross-Site Scripting

Apr 13, 2022 · Patched in 1.2.11 (650d)
Code Analysis
Analyzed Mar 16, 2026

Fast Flow Code Analysis

Dangerous Functions: 3
Raw SQL Queries: 3 (10 prepared)
Unescaped Output: 2 (81 escaped)
Nonce Checks: 6
Capability Checks: 3
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize · $fmxtraoptions = unserialize($obj[0]->settings_data); · includes\fast-tagger-init.php:83
unserialize · $fmxtraoptions = unserialize($obj[0]->settings_data); · includes\fast-tagger-users-functions.php:459
unserialize · $fmxtraoptions = unserialize($obj[0]->settings_data); · includes\fast-tagger-users-functions.php:601

SQL Query Safety

77% prepared · 13 total queries

Output Escaping

98% escaped · 83 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
fast_tags_list (includes\fast-tagger-pages.php:24)
Attack Surface
2 unprotected

Fast Flow Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers: 2

nopriv · wp_ajax_fastflow_get_kartra_tags · fastflow.php:52
auth · wp_ajax_fastflow_get_kartra_tags · fastflow.php:53

WordPress Hooks: 24

action · plugins_loaded · fastflow.php:50
action · init · fastflow.php:51
action · init · fastflow.php:69
filter · admin_body_class · fastflow.php:79
action · admin_notices · fastflow.php:101
action · admin_footer · includes\fast-tagger-init.php:12
action · after_tag_applied_hook · includes\fast-tagger-init.php:61
action · init · includes\fast-tagger-init.php:122
action · FM_after_member_registered · includes\fast-tagger-init.php:183
action · FM_after_transaction_recorded · includes\fast-tagger-init.php:258
action · FM_after_transaction_refunded · includes\fast-tagger-init.php:293
action · FM_after_subscription_cancelled · includes\fast-tagger-init.php:327
action · admin_enqueue_scripts · includes\fast-tagger-init.php:370
action · wp_enqueue_scripts · includes\fast-tagger-init.php:372
action · wp_head · includes\fast-tagger-init.php:395
action · in_admin_footer · includes\fast-tagger-init.php:417
action · wp_footer · includes\fast-tagger-init.php:419
action · init · includes\fast-tagger-init.php:496
filter · fm_prod_third_party_int · includes\fast-tagger-init.php:500
action · fast_tag_add_form_fields · includes\fast-tagger-init.php:781
action · fast_tag_edit_form_fields · includes\fast-tagger-init.php:783
action · edited_fast_tag · includes\fast-tagger-init.php:810
action · create_fast_tag · includes\fast-tagger-init.php:812
action · admin_footer · includes\fast-tagger-init.php:816
Maintenance & Trust

Fast Flow Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Feb 17, 2025
PHP min version: 7.4
Downloads: 9K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 100
Developer Profile

Fast Flow Developer Profile

fastflow

14 plugins · 940 total installs

Trust score: 70
Avg Security Score: 87/100
Avg Patch Time: 432 days
Detection Fingerprints

How We Detect Fast Flow

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/fast-flow-dashboard/assets/css/fast-flow-dashboard.css
/wp-content/plugins/fast-flow-dashboard/assets/js/fast-flow-dashboard.js
/wp-content/plugins/fast-flow-dashboard/assets/js/selectize.min.js
/wp-content/plugins/fast-flow-dashboard/assets/js/jquery.datetimepicker.full.min.js
/wp-content/plugins/fast-flow-dashboard/assets/css/jquery.datetimepicker.min.css
Script Paths
/wp-content/plugins/fast-flow-dashboard/assets/js/fast-flow-dashboard.js
Version Parameters
fast-flow-dashboard/assets/css/fast-flow-dashboard.css?ver=
fast-flow-dashboard/assets/js/fast-flow-dashboard.js?ver=
fast-flow-dashboard/assets/js/selectize.min.js?ver=
fast-flow-dashboard/assets/js/jquery.datetimepicker.full.min.js?ver=
fast-flow-dashboard/assets/css/jquery.datetimepicker.min.css?ver=

HTML / DOM Fingerprints

CSS Classes
ff-d-light, ff-d-dark, ff-d-minimal, ff_from, ff_to
Data Attributes
data-fastflow-url, data-fastflow-nonce
JS Globals
fastFlowDashboardSettings, FastFlowDashboard
REST Endpoints
/wp-json/fast-flow/v1/settings
FAQ

Frequently Asked Questions about Fast Flow