Stream < 3.9.2 - Subscriber+ Alert Creation
CVE-2022-4384

6.5MEDIUM

Key Information:

Vendor: Wordpress
Status: Stream
Vendor: CVE Published:; 6 February 2023

Summary

The Stream WordPress plugin before 3.9.2 does not prevent users with little privileges on the site (like subscribers) from using its alert creation functionality, which may enable them to leak sensitive information.

Affected Version(s)

Stream 0 < 3.9.2

References

https://wpscan.com/vulnerability/2b506252-6f37-439e-8984-...

exploitvdb-entrytechnical-description

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 6, 2023
Vulnerability Reserved
Dec 9, 2022

Credit

Krzysztof Zając

WPScan