5 matches found
CVE-2022-4384
The Stream WordPress plugin before 3.9.2 does not prevent users with little privileges on the site like subscribers from using its alert creation functionality, which may enable them to leak sensitive information...
CVE-2022-4384
creationtimestamp| type| source ---|---|--- 2023-02-06 22:23:39+00:00| seen| https://t.me/cibsecurity/57584 2025-03-25 21:25:31+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/8782...
CVE-2022-4384 Stream < 3.9.2 - Subscriber+ Alert Creation
The Stream WordPress plugin before 3.9.2 does not prevent users with little privileges on the site like subscribers from using its alert creation functionality, which may enable them to leak sensitive information...
CVE-2022-4384
CVE-2022-4384 affects the WordPress Stream plugin prior to 3.9.2. The root cause is broken access control that lets low-privilege users (e.g., subscribers) access alert creation, potentially leaking sensitive information. A fix is available in version 3.9.2; upgrading mitigates the issue. Multipl...
WordPress Stream Plugin < 3.9.2 is vulnerable to Broken Access Control
Software Stream Type Plugin Vulnerable versions 3.9.2 Fixed in 3.9.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4384 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID ad3b89e6bfd1 Credits Krzysztof Zajac Required privilege...