ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Stream Plugin <= 3.0.5 - Unauthenticated Events Export

Product
Stream
Description
Because of this vulnerability, unauthenticated users can export CSV or JSON of recent events.
Solution
Update the plugin.
Classification
Type Open Redirection
OWASP Top 10 A2: Broken Authentication and Session Management
References
WordPress
CVE
Name CVE-N/A
Versions
Affected In <= 3.0.5
Fixed In 3.0.6
Disclosure date
2016-05-31
Credits
James Golovich