← volver
CVE-2025-2519

Streamit <= 4.0.1 - Authenticated (Subscriber+) Arbitrary File Download

CVSS 6.5 MEDIUMEPSS 0.4%CWE-22
The Sreamit theme for WordPress is vulnerable to arbitrary file downloads in all versions up to, and including, 4.0.1. This is due to insufficient file validation in the 'st_send_download_file' function. This makes it possible for authenticated attackers, with subscriber-level access and above, to download arbitrary files.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Productos afectados
iqonicdesign · Streamit

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://documentation.iqonic.design/streamit/change-log/streamit-v4-0/https://themeforest.net/item/streamit-video-streaming-wordpress-theme/29772881https://www.wordfence.com/threat-intel/vulnerabilities/id/fd28c405-ed2f-435a-806c-1fc43cac0f80?source=cve