3 matches found
CVE-2022-4384
CVE-2022-4384 affects the WordPress Stream plugin prior to 3.9.2. The root cause is broken access control that lets low-privilege users (e.g., subscribers) access alert creation, potentially leaking sensitive information. A fix is available in version 3.9.2; upgrading mitigates the issue. Multipl...
CVE-2024-7423
CVE-2024-7423 — Stream WordPress Plugin : The Stream plugin (version ≤ 4.0.1) is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation in the network_options_action() function. This allows unauthenticated attackers to update arbitrary options, potentially causing D...
CVE-2021-24772
CVE-2021-24772 affects the WordPress Stream plugin prior to 3.8.2. The issue arises from not sanitising/validating the order GET parameter in the Stream Records admin dashboard before it is used in a SQL statement, enabling SQL injection. Public sources in connected documents confirm the vulnerab...