Xwp Stream
6 CVEs affecting Xwp Stream. Latest disclosed: 2025-02-17. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-7423 | High | 8.8 | 2024-09-13 | The Stream plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.1. This is due to missing or incorrect no… |
CVE-2021-24772 | High | 8.8 | 2021-11-17 | The Stream WordPress plugin before 3.8.2 does not sanitise and validate the order GET parameter from the Stream Records admin dashboard before using it in a SQ… |
CVE-2022-4384 | Medium | 6.5 | 2023-02-06 | The Stream WordPress plugin before 3.9.2 does not prevent users with little privileges on the site (like subscribers) from using its alert creation functionali… |
CVE-2024-13879 | Medium | 5.5 | 2025-02-17 | The Stream plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.2 due to insufficient validation on the… |
CVE-2022-43490 | Medium | 5.4 | 2023-05-25 | Cross-Site Request Forgery (CSRF) vulnerability in XWP Stream plugin <= 3.9.2 versions. |
CVE-2022-43450 | Medium | 4.3 | 2023-12-19 | Authorization Bypass Through User-Controlled Key vulnerability in XWP Stream.This issue affects Stream: from n/a through 3.9.2. |