Browse all 4 CVE security advisories affecting XWP. AI-powered Chinese analysis, POCs, and references for each vulnerability.
XWP develops WordPress-focused security solutions and services, protecting websites from common web vulnerabilities. Historically, their products have faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation issues. The company maintains a moderate security posture with four CVEs recorded, primarily related to input validation and access control flaws. While no major security incidents have been widely documented, their codebase occasionally contains insufficient sanitization of user inputs and improper privilege checks. XWP's security characteristics reflect typical WordPress plugin challenges, emphasizing the need for regular updates and proper input handling to mitigate potential exploitation risks in their security offerings.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-13879 | Stream <= 4.0.2 - Authenticated (Admin+) Server-Side Request Forgery | Stream | CWE-918 | 5.5 | Medium | 2025-02-17 |
| CVE-2024-7423 | Stream <= 4.0.1 - Cross-Site Request Forgery to Arbitrary Options Update | Stream | CWE-352 | 8.8 | High | 2024-09-13 |
| CVE-2022-43450 | WordPress Stream Plugin <= 3.9.2 is vulnerable to Insecure Direct Object References (IDOR) | Stream | CWE-639 | 4.3 | Medium | 2023-12-19 |
| CVE-2022-43490 | WordPress Stream Plugin <= 3.9.2 is vulnerable to Cross Site Request Forgery (CSRF) | Stream | CWE-352 | 5.4 | Medium | 2023-05-25 |
This page lists every published CVE security advisory associated with XWP. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.