WordPress Plugin Stream Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress WP Lead Stream Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)

Software WP Lead Stream Type Plugin Vulnerable versions = 1.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d2971cba9459 Credits Rafie Muhammad Patchstack Required...

CVE-2023-28774 WordPress Review Stream Plugin <= 1.6.5 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Grade Us, Inc. Review Stream plugin = 1.6.5 versions...

CVE-2023-28774 WordPress Review Stream Plugin <= 1.6.5 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Grade Us, Inc. Review Stream plugin = 1.6.5 versions...

CVE-2022-43490

Cross-Site Request Forgery CSRF vulnerability in XWP Stream plugin = 3.9.2 versions...

CVE-2022-43490

Cross-Site Request Forgery CSRF vulnerability in XWP Stream plugin = 3.9.2 versions...

CVE-2022-43490 WordPress Stream Plugin <= 3.9.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in XWP Stream plugin = 3.9.2 versions...

CVE-2022-43490

CVE-2022-43490 affects the WordPress Stream plugin prior to version 3.9.3, with CSRF vulnerability allowing unauthenticated actions. According to Patchstack and Red Hat/NVD entries, the issue is fixed in 3.9.3; CVSS v3.1 base score 8.8 (HIGH) on NVD and 5.4 (MEDIUM) on Patchstack, depending on ve...

CVE-2022-43490 WordPress Stream Plugin <= 3.9.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in XWP Stream plugin = 3.9.2 versions...

PT-2023-14224 · Unknown · Xwp Stream

Name of the Vulnerable Software and Affected Versions: XWP Stream plugin versions prior to 3.9.2 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web...

WordPress plugin Stream 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

WordPress Stream Plugin <= 3.9.2 is vulnerable to Insecure Direct Object References (IDOR)

Software Stream Type Plugin Vulnerable versions = 3.9.2 Fixed in 3.9.3 OWASP Top 10 A1: Injection Classification Insecure Direct Object References IDOR CVE CVE-2022-43450 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 760a85c05111 Credits Lucio Sá Required privilege...

WordPress Stream Plugin <= 3.9.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Stream Type Plugin Vulnerable versions = 3.9.2 Fixed in 3.9.3 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-43490 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID deaa1ceaba9b Credits Lucio Sá Required privilege...

Stream Plugin for WordPress < 3.9.2 Broken Access Control

The WordPress Stream Plugin installed on the remote host is affected by a broken access control vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...

WordPress Review Stream Plugin <= 1.6.5 is vulnerable to Cross Site Scripting (XSS)

Software Review Stream Type Plugin Vulnerable versions = 1.6.5 Fixed in 1.6.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-28774 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID d19b354aa4eb Credits Rio Darmawan Required...

CVE-2022-4384

The Stream WordPress plugin before 3.9.2 does not prevent users with little privileges on the site like subscribers from using its alert creation functionality, which may enable them to leak sensitive information...

WordPress plugin Stream 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress Stream Plugin < 3.9.2 is vulnerable to Broken Access Control

Software Stream Type Plugin Vulnerable versions 3.9.2 Fixed in 3.9.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4384 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID ad3b89e6bfd1 Credits Krzysztof Zajac Required privilege...

WordPress SQL Injection Vulnerability (CNVD-2021-91420)

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blogging sites on PHP and MySQL servers.The WordPress Stream plugin has a SQL injection vulnerability in versions prior to 3.8.2, which stems from the la...

WordPress SQL注入漏洞

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blogging sites on PHP and MySQL servers.The WordPress Stream plugin has a SQL injection vulnerability in versions prior to 3.8.2, which stems from the la...