Description
Cross-site request forgery (CSRF) vulnerability in the Stream Video Player plugin 1.4.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/94466
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/52954
Scores
EPSS
0.0097
EPSS Percentile
57.7%
Details
CWE
CWE-352
Status
published
Products (1)
rodrigo_polo/stream_video_player
1.4.0
Published
Apr 11, 2014
Tracked Since
Feb 18, 2026