Every CVE whose affected-product data names Xwp Stream, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2021-24772 — CVSS 8.8 (high): The Stream WordPress plugin before 3.8.2 does not sanitise and validate the order GET parameter from the Stream Records admin dashboard…
CVE-2024-7423 — CVSS 8.8 (high): The Stream plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.1. This is due to…
CVE-2022-4384 — CVSS 6.5 (medium): The Stream WordPress plugin before 3.9.2 does not prevent users with little privileges on the site (like subscribers) from using its alert…