7 matches found
CVE-2021-24772
The Stream WordPress plugin before 3.8.2 does not sanitise and validate the order GET parameter from the Stream Records admin dashboard before using it in a SQL statement, leading to an SQL injection issue...
CVE-2022-4384
The Stream WordPress plugin before 3.9.2 does not prevent low-privileged users on the site, such as subscribers, from using its alert creation functionality, which may enable them to leak sensitive information...
CVE-2022-4384 Stream < 3.9.2 - Subscriber+ Alert Creation
The Stream WordPress plugin before 3.9.2 does not prevent low-privileged users on the site, such as subscribers, from using its alert creation functionality, which may enable them to leak sensitive information...
CVE-2022-4384
CVE-2022-4384 affects the WordPress Stream plugin prior to 3.9.2. The root cause is broken access control that lets low-privilege users (e.g., subscribers) access alert creation, potentially leaking sensitive information. A fix is available in version 3.9.2; upgrading mitigates the issue. Multipl...
CVE-2021-24772
The Stream WordPress plugin before 3.8.2 does not sanitise and validate the order GET parameter from the Stream Records admin dashboard before using it in a SQL statement, leading to an SQL injection issue...
CVE-2021-24772
The Stream WordPress plugin before 3.8.2 does not sanitise and validate the order GET parameter from the Stream Records admin dashboard before using it in a SQL statement, leading to an SQL injection issue...
SQL injection
The Stream WordPress plugin before 3.8.2 does not sanitise and validate the order GET parameter from the Stream Records admin dashboard before using it in a SQL statement, leading to an SQL injection issue...