Xwp Stream

6 CVEs affecting Xwp Stream. Latest disclosed: 2025-02-17. Critical: 0, High: 2.

Top CVEs affecting Xwp Stream
CVESeverityScorePublishedSummary
CVE-2024-7423High8.82024-09-13The Stream plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.1. This is due to missing or incorrect no…
CVE-2021-24772High8.82021-11-17The Stream WordPress plugin before 3.8.2 does not sanitise and validate the order GET parameter from the Stream Records admin dashboard before using it in a SQ…
CVE-2022-4384Medium6.52023-02-06The Stream WordPress plugin before 3.9.2 does not prevent users with little privileges on the site (like subscribers) from using its alert creation functionali…
CVE-2024-13879Medium5.52025-02-17The Stream plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.2 due to insufficient validation on the…
CVE-2022-43490Medium5.42023-05-25Cross-Site Request Forgery (CSRF) vulnerability in XWP Stream plugin <= 3.9.2 versions.
CVE-2022-43450Medium4.32023-12-19Authorization Bypass Through User-Controlled Key vulnerability in XWP Stream.This issue affects Stream: from n/a through 3.9.2.