WordPress StreamTube Core plugin arbitrary user password change vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An arbitrary user password change vulnerability exists in the WordPress StreamTube Core plugin that originates from providing user-controlled access to objects, allowing a user ...

WordPress StreamTube Core plugin <= 4.78 - Unauthenticated Arbitrary User Password Change vulnerability

Unauthenticated Arbitrary User Password Change vulnerability discovered by Foxyyy in WordPress Plugin StreamTube Core versions = 4.78...

Exploit for CVE-2025-13615

Lab: CVE-2025-13615 - Authorization Bypass Through User-Contro...

CVE-2025-13615

The StreamTube Core plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 4.78. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

EUVD-2025-199915

The StreamTube Core plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 4.78. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

CVE-2025-13615 StreamTube Core <= 4.78 - Unauthenticated Arbitrary User Password Change

The StreamTube Core plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 4.78. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

CVE-2025-13615

CVE-2025-13615 concerns the WordPress StreamTube Core plugin (versions up to 4.78). The issue arises from user-controlled access to objects, allowing unauthenticated attackers to bypass authorization and perform arbitrary password changes on user accounts, potentially taking over administrator ac...

CVE-2025-13615 StreamTube Core <= 4.78 - Unauthenticated Arbitrary User Password Change

The StreamTube Core plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 4.78. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

PT-2025-48376

Name of the Vulnerable Software and Affected Versions StreamTube Core plugin for WordPress versions up to and including 4.78 Description The StreamTube Core plugin for WordPress is susceptible to Arbitrary User Password Change. This occurs because the plugin grants user-controlled access to...

WordPress plugin StreamTube Core 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An arbitrary user password change vulnerability exists in the WordPress StreamTube Core plugin that originates from providing user-controlled access to objects, allowing a user ...