CVE-2024-13879

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Feb 17, 2025

CWE ID 918

Summary

CVE-2024-13879 is a Server-Side Request Forgery (SSRF) vulnerability affecting the Stream plugin for WordPress. This issue, present in all versions up to 4.0.2, allows authenticated attackers with administrator-level access to send malicious web requests from the WordPress application. These requests can be used to query and manipulate data from internal services, potentially leading to unauthorized information disclosure or modification.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/3YQjKz
https://www.cve.org/CVERecord?id=CVE-2024-13879
https://nvd.nist.gov/vuln/detail/CVE-2024-13879

Back to Vulnerability Database

CVE-2024-13879

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations