2 matches found
CVE-2025-2526 Streamit <= 4.0.2 - Authenticated (Subscriber+) Privilege Escalation via User Email Change/Account Takeover
The Streamit theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like email in the 'stAuthenticationController::editprofile'...
WordPress Streamit Theme <= 4.0.2 is vulnerable to Privilege Escalation
Software Streamit Type Theme Vulnerable versions = 4.0.2 Fixed in 4.0.3 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2025-2526 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 6913aeb6838d Credits István Márton...