XwpStream

5 matches found

CVE
added 2023/02/06 7:59 p.m. | 66 views

CVE-2022-4384

CVE-2022-4384 affects the WordPress Stream plugin prior to 3.9.2. The root cause is broken access control that lets low-privilege users (e.g., subscribers) access alert creation, potentially leaking sensitive information. A fix is available in version 3.9.2; upgrading mitigates the issue. Multipl...

CVSS 6.5 | AI score 6.3 | EPSS 0.0091
Web
CVE
added 2023/05/25 10:17 a.m. | 60 views

CVE-2022-43490

CVE-2022-43490 affects the WordPress Stream plugin prior to version 3.9.3, with a CSRF vulnerability allowing unauthenticated actions. According to Patchstack and Red Hat/NVD entries, the issue is fixed in 3.9.3; CVSS v3.1 base score 8.8 (HIGH) on NVD and 5.4 (MEDIUM) on Patchstack, depending on ve...

CVSS 8.8 | AI score 7.1 | EPSS 0.00264
CVE
added 2024/09/13 3:10 p.m. | 60 views

CVE-2024-7423

CVE-2024-7423 — Stream WordPress Plugin: The Stream plugin (version ≤ 4.0.1) is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation in the network_options_action() function. This allows unauthenticated attackers to update arbitrary options, potentially causing D...

CVSS 8.8 | AI score 8.6 | EPSS 0.00311
CVE
added 2023/12/19 9:24 p.m. | 51 views

CVE-2022-43450

CVE-2022-43450 affects WordPress Stream plugin versions = 3.9.3. If upgrading, verify plugin version after patch to ensure the vulnerability is mitigated.

CVSS 6.5 | AI score 7.1 | EPSS 0.00652
CVE
added 2021/11/17 10:15 a.m. | 46 views

CVE-2021-24772

CVE-2021-24772 affects the WordPress Stream plugin prior to 3.8.2. The issue arises from not sanitising/validating the order GET parameter in the Stream Records admin dashboard before it is used in a SQL statement, enabling SQL injection. Public sources in connected documents confirm the vulnerab...

CVSS 8.8 | AI score 9 | EPSS 0.01504
Web