Stream < 3.9.3 – Missing Authorization via load_alerts_settings | CVE 2022-43450

Affects Plugins

stream

Fixed in 3.9.3

References

CVE

CVE-2022-43450

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CWE-862

CVSS

4.3 (medium)

Miscellaneous

Original Researcher

Lucio Sá

Verified

No

WPVDB ID

d20d1197-bfa8-4a2f-bb48-1f820cd105ca

Timeline

Publicly Published

2023-04-25 (about 2 years ago)

Added

2023-05-25 (about 2 years ago)

Last Updated

2023-05-25 (about 2 years ago)

Other

Published

Title

Published

2025-01-06

Title

Jupiter X Core < 4.8.6 - Missing Authorization to Authenticated Library Sync

Published

2023-09-05

Title

Slider Pro < 4.8.7 - Missing Authorization via AJAX actions

Published

2025-01-03

Title

WPvivid Backup and Migration < 0.9.107 - Missing Authorization

Published

2024-12-11

Title

AI Post Generator | AutoWriter <= 3.5 - Missing Authorization to Authenticated (Contributor+) Post/Page Deletion

Published

2025-04-01

Title

Barcode Generator for WooCommerce < 2.0.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update