Stream

stream

Vendor: Xwp • 5 CVEs

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-7423 1Xwp 1Stream Sep 26, 2024 Sep 13, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 The Stream plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.1. This is due to missing or incorrect nonce validation on the network_options_action() function. This...Show more The Stream plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.1. This is due to missing or incorrect nonce validation on the network_options_action() function. This makes it possible for unauthenticated attackers to update arbitrary options that can lead to DoS or privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2022-43450 1Xwp 1Stream Apr 28, 2026 Dec 19, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Authorization Bypass Through User-Controlled Key vulnerability in XWP Stream.This issue affects Stream: from n/a through 3.9.2.
CVE-2022-43490 1Xwp 1Stream Nov 21, 2024 May 25, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in XWP Stream plugin <= 3.9.2 versions.
CVE-2022-4384 1Xwp 1Stream Mar 25, 2025 Feb 6, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The Stream WordPress plugin before 3.9.2 does not prevent users with little privileges on the site (like subscribers) from using its alert creation functionality, which may enable them to leak sensitive information.
CVE-2021-24772 1Xwp 1Stream Nov 21, 2024 Nov 17, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 The Stream WordPress plugin before 3.8.2 does not sanitise and validate the order GET parameter from the Stream Records admin dashboard before using it in a SQL statement, leading to an SQL injection issue.