CVE-2026-39527 WordPress WpStream plugin < 4.11.2 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in WpStream 4.11.2 versions...

CVE-2026-39526 WordPress WpStream plugin < 4.11.2 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpStream: from n/a through 4.11.2...