CVE-2025-2525
The Streamit theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'st_Authentication_Controller::edit_profile' function in all versions up to, and including, 4.0.1. This makes it possible for authenticated attackers, with subscriber-level and above...
CVE-2025-2526
The Streamit theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like email in the 'st_Authentication_Controller::edit_profile'...
CVE-2025-2525 Streamit <= 4.0.1 - Authenticated (Subscriber+) Arbitrary File Upload
The Streamit theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'st_Authentication_Controller::edit_profile' function in all versions up to, and including, 4.0.1. This makes it possible for authenticated attackers, with subscriber-level and above...
CVE-2025-2525
The CVE-2025-2525 entry concerns the WordPress Streamit theme. Public detail confirms an Arbitrary File Upload flaw caused by missing file-type validation in st_Authentication_Controller::edit_profile, affecting all versions up to 4.0.1. The vulnerability requires authentication at Subscriber lev...
CVE-2025-2519 Streamit <= 4.0.1 - Authenticated (Subscriber+) Arbitrary File Download
The Streamit theme for WordPress is vulnerable to arbitrary file downloads in all versions up to, and including, 4.0.1. This is due to insufficient file validation in the 'st_send_download_file' function. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
CVE-2025-2526 Streamit <= 4.0.2 - Authenticated (Subscriber+) Privilege Escalation via User Email Change/Account Takeover
The Streamit theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like email in the 'st_Authentication_Controller::edit_profile'...
CVE-2025-2526
CVE-2025-2526 affects the Streamit WordPress theme. The vulnerability allows privilege escalation via account takeover because st_Authentication_Controller::edit_profile does not properly validate the user before updating details (e.g., email), enabling unauthenticated attackers to change user em...
PT-2025-15317 · WordPress · Streamit
Name of the Vulnerable Software and Affected Versions: Streamit theme for WordPress versions up to, and including, 4.0.1. Description: The issue is related to arbitrary file uploads due to missing file type validation in the st_Authentication_Controller::edit_profile function. This allows...
PT-2025-15316 · WordPress · Streamit
Name of the Vulnerable Software and Affected Versions: Streamit theme for WordPress versions prior to 4.0.2. Description: The issue is related to insufficient file validation in the st_send_download_file function, allowing authenticated attackers with subscriber-level access or higher to download...
PT-2025-15318 · WordPress · Streamit
Name of the Vulnerable Software and Affected Versions: Streamit theme for WordPress versions prior to 4.0.3. Description: The issue allows for privilege escalation via account takeover due to improper validation of a user's identity prior to updating their details, such as email, in the st...
WordPress Streamit Theme <= 4.0.1 is vulnerable to Arbitrary File Download
Software: Streamit; Type: Theme; Vulnerable versions: <= 4.0.1; Fixed in: 4.0.2; OWASP Top 10: A3: Injection; Classification: Arbitrary File Download; CVE: CVE-2025-2519; Patch priority: High; CVSS severity: High 6.5; PSID: 446a13c89b70; Credits: István Márton; Required privilege: Subscriber...