Security vulnerabilities in XWP (1)


  • Audit Log Tampering through IP spoofing – Stream <= 3.9.3

    Affected plugin Stream Active installs 80,000+ Vulnerable version <= 3.9.3 Audited version 3.9.3 Fully patched version 4.0.0 Recommended remediation Upgrade to version 4.0.0 or higher. Description The plugin, utilized for audit and security logging, exhibits a vulnerability whereby malicious actors can easily spoof IP addresses. This is less than ideal, given the plugin’s widespread use…