Vendor
Xwp
Products
1
CVEs
3
Across products
3
Status
Private
Products
1- 3 CVEs
Recent CVEs
3| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-43450 | Med | 0.28 | 4.3 | 0.00 | Dec 19, 2023 | Authorization Bypass Through User-Controlled Key vulnerability in XWP Stream.This issue affects Stream: from n/a through 3.9.2. | |
| CVE-2024-7423 | 0.00 | — | 0.01 | Sep 13, 2024 | The Stream plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.1. This is due to missing or incorrect nonce validation on the network_options_action() function. This makes it possible for unauthenticated attackers to update arbitrary options that can lead to DoS or privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||
| CVE-2022-43490 | 0.00 | — | 0.00 | May 25, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in XWP Stream plugin <= 3.9.2 versions. |