CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The Stream plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.2 due to insufficient validation on the webhook feature. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to...

5.5CVSS9.2AI score0.00088EPSS

Exploits0References1

NVD•added 2025/02/17 4:15 p.m.•7 views

CVE-2024-13879

5.5CVSS0.00088EPSS

Exploits0References3

OSV•added 2025/02/17 4:15 p.m.•0 views

CVE-2024-13879

5.5CVSS5.9AI score0.00088EPSS

Exploits0References3

Vulnrichment•added 2025/02/17 3:21 p.m.•6 views

CVE-2024-13879 Stream <= 4.0.2 - Authenticated (Admin+) Server-Side Request Forgery

5.5CVSS5.3AI score0.00088EPSS

Exploits0References3

CVE•added 2025/02/17 3:21 p.m.•50 views

CVE-2024-13879

CVE-2024-13879 – WordPress Stream plugin : The vulnerability is a Server-Side Request Forgery (SSRF) in Stream versions up to 4.0.2, caused by insufficient validation of the webhook feature. Exploitation requires authenticated access with administrator-level privileges or higher, allowing an atta...

5.5CVSS5.4AI score0.00088EPSS

Exploits0References3

CNNVD•added 2025/02/17 12:0 a.m.•1 views

WordPress plugin Stream 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

5.5CVSS8.3AI score0.00088EPSS

Exploits0References4

Positive Technologies•added 2025/02/17 12:0 a.m.•3 views

PT-2025-6619 · WordPress · Stream

Name of the Vulnerable Software and Affected Versions: The Stream plugin for WordPress versions up to, and including, 4.0.2 Description: The issue is related to Server-Side Request Forgery due to insufficient validation on the webhook feature. This allows authenticated attackers with...

5.5CVSS9.3AI score0.00088EPSS

Exploits0References7

Patchstack•added 2025/02/14 9:58 p.m.•1 views

WordPress Stream plugin <= 4.0.2 - Authenticated (Admin+) Server-Side Request Forgery vulnerability

Authenticated Admin+ Server-Side Request Forgery vulnerability discovered by Francesco Carlucci in WordPress Plugin Stream versions = 4.0.2...

5.5CVSS7.1AI score0.00088EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2025/02/05 11:35 a.m.•10 views

CVE-2024-7423

The Stream plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.1. This is due to missing or incorrect nonce validation on the networkoptionsaction function. This makes it possible for unauthenticated attackers to update arbitrary options that...

8.8CVSS6.8AI score0.00722EPSS

Exploits0References1

OSV•added 2024/09/13 3:15 p.m.•0 views

CVE-2024-7423

8.8CVSS5.7AI score

Exploits0References3

Patchstack•added 2024/09/13 6:30 a.m.•1 views

WordPress Stream plugin <= 4.0.1 - Cross-Site Request Forgery to Arbitrary Options Update vulnerability

Cross-Site Request Forgery to Arbitrary Options Update vulnerability discovered by vgo0 in WordPress Plugin Stream versions = 4.0.1...

8.8CVSS7AI score0.00722EPSS

Exploits0References1Affected Software1

CNNVD•added 2024/09/13 12:0 a.m.•1 views

WordPress plugin Stream 跨站请求伪造漏洞

8.8CVSS6.7AI score0.00722EPSS

Exploits0References4

Patchstack•added 2024/09/13 12:0 a.m.•9 views

WordPress Stream Plugin <= 4.0.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Stream Type Plugin Vulnerable versions = 4.0.1 Fixed in 4.0.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-7423 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID c46db6dcec76 Credits vgo0 Required privilege...

8.8CVSS6.7AI score0.00722EPSS

Exploits0References3Affected Software1