Skip to main content

Stream

3 CVEs product

Monthly

CVE-2024-7423 HIGH PATCH This Week

The Stream plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Privilege Escalation WordPress CSRF Stream
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-43450 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in XWP Stream.9.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Stream
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2021-24772 HIGH POC PATCH This Week

The Stream WordPress plugin before 3.8.2 does not sanitise and validate the order GET parameter from the Stream Records admin dashboard before using it in a SQL statement, leading to an SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress SQLi Stream
NVD WPScan
CVSS 3.1
8.8
EPSS
1.5%
EPSS 0% CVSS 8.8
HIGH PATCH This Week

The Stream plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Privilege Escalation WordPress CSRF +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in XWP Stream.9.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Stream
NVD
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

The Stream WordPress plugin before 3.8.2 does not sanitise and validate the order GET parameter from the Stream Records admin dashboard before using it in a SQL statement, leading to an SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress SQLi Stream
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy