Browse all 5 CVE security advisories affecting wpstream. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Wpstream is a WordPress plugin designed to stream video content directly from platforms like YouTube and Vimeo. Historically, it has been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. The plugin has accumulated five CVEs, with several allowing attackers to execute arbitrary code or manipulate content. Security researchers have noted that improper input validation and insufficient permission checks have been recurring issues. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities suggests potential risks for unpatched installations, emphasizing the need for regular updates and careful implementation.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-39526 | WordPress WpStream plugin < 4.11.2 - Insecure Direct Object References (IDOR) vulnerability — WpStreamCWE-639 | 5.4 | Medium | 2026-04-08 |
| CVE-2025-68522 | WordPress WpStream plugin <= 4.9.5 - Broken Access Control vulnerability — WpStreamCWE-862 | 4.3 | Medium | 2025-12-24 |
| CVE-2025-68521 | WordPress WpStream plugin <= 4.9.5 - Broken Access Control vulnerability — WpStreamCWE-862 | 5.3 | Medium | 2025-12-24 |
| CVE-2023-27458 | WordPress WpStream – Live Streaming, Video on Demand, Pay Per View Plugin <= 4.4.10 is vulnerable to Cross Site Request Forgery (CSRF) — WpStreamCWE-352 | 4.3 | Medium | 2023-11-22 |
| CVE-2023-38512 | WordPress WpStream plugin <= 4.5.4 - Cross Site Request Forgery (CSRF) vulnerability — WpStreamCWE-352 | 5.4 | Medium | 2023-07-27 |
This page lists every published CVE security advisory associated with wpstream. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.