StreamTube Core WordPress Plugin Password Change Vulnerability
Vulnerability
A vulnerability that allows unauthenticated users to change passwords has been identified in the StreamTube Core plugin for WordPress, affecting versions through 4.78. The issue stems from an authorization bypass in the plugin, which allows users to manipulate access to objects and resources. Exploitation is possible only if the 'registration password fields' option is enabled in the theme settings.
Impact
Exploitation of this vulnerability could lead to unauthorized password changes, potentially allowing attackers to gain control of user accounts, including those of administrators.
Remediation
Users are advised to update the StreamTube Core plugin to version 4.79 or a newer patched version.
