Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 12:9 a.m.15 views

CVE-2022-4384

The Stream WordPress plugin before 3.9.2 does not prevent users with little privileges on the site like subscribers from using its alert creation functionality, which may enable them to leak sensitive information...

6.5CVSS6.4AI score0.0091EPSS
Exploits2References1
Circl
Circl
added 2023/02/06 10:23 p.m.5 views

CVE-2022-4384

creationtimestamp| type| source ---|---|--- 2023-02-06 22:23:39+00:00| seen| https://t.me/cibsecurity/57584 2025-03-25 21:25:31+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/8782...

6.5CVSS6.3AI score0.0091EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2023/02/06 7:59 p.m.3 views

CVE-2022-4384 Stream < 3.9.2 - Subscriber+ Alert Creation

The Stream WordPress plugin before 3.9.2 does not prevent users with little privileges on the site like subscribers from using its alert creation functionality, which may enable them to leak sensitive information...

6.7AI score0.0091EPSS
Exploits2References1
CVE
CVE
added 2023/02/06 7:59 p.m.67 views

CVE-2022-4384

CVE-2022-4384 affects the WordPress Stream plugin prior to 3.9.2. The root cause is broken access control that lets low-privilege users (e.g., subscribers) access alert creation, potentially leaking sensitive information. A fix is available in version 3.9.2; upgrading mitigates the issue. Multipl...

6.5CVSS6.3AI score0.0091EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2023/01/16 12:0 a.m.17 views

WordPress Stream Plugin < 3.9.2 is vulnerable to Broken Access Control

Software Stream Type Plugin Vulnerable versions 3.9.2 Fixed in 3.9.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4384 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID ad3b89e6bfd1 Credits Krzysztof Zajac Required privilege...

6.5CVSS6.5AI score0.0091EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder