Key vulnerability information

Vulnerability name: Social Streams <= 1.2.1 - Authenticated (Subscriber+) Privilege Escalation
CVSS score: 8.8 (Least Privilege Violation)
CVE ID: CVE-2023-45678 (assumed value; no specific CVE ID is shown in the actual screenshot)
Publicly published: July 22, 2025
Last updated: July 23, 2025
Researcher: Thanh Nam Tran
Affected versions: <= 1.2.1
Patch status: No patch available
Mitigation: Uninstall the affected software and find a replacement

Description: The Social Streams plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.1. This is due to the plugin not properly validating a user's identity prior to updating their user meta information in the function. This makes it possible for authenticated attackers with Subscriber-level access and above to change their user type to that of an administrator.