CVE-2022-43490
WordPress Stream Plugin <= 3.9.2 is vulnerable to Cross Site Request Forgery (CSRF)Cross-Site Request Forgery (CSRF) vulnerability in XWP Stream plugin <= 3.9.2 versions.
We have discovered 2,439 live websites that are affected by CVE-2022-43490.
Affected Software
| Product | |
| Category | Wordpress Plugins |
| Vulnerable Domains | 2,439 live websites (5.12% of Stream install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 28 versions ( 76% of all versions) |
Common Weakness Enumeration
CWE-352 Cross-Site Request Forgery (CSRF)Details
- Published - May 25, 2023
- Updated - Apr 28, 2026
Credits
- Lucio Sá (Patchstack Alliance) (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2022-43490 United States | 1,201 websites |
 GB | 166 websites |
 Australia | 139 websites |
 Canada | 116 websites |
 Russia | 103 websites |
 Germany | 93 websites |
 Italy | 87 websites |
 Netherlands | 52 websites |
 Spain | 40 websites |
 France | 32 websites |
Website Distribution by TLD
Number of websites using CVE-2022-43490| .com | 1,222 websites |
| .org | 161 websites |
| .com.au | 121 websites |
| .co.uk | 103 websites |
| .ru | 83 websites |
| .it | 72 websites |
| .net | 60 websites |
| .de | 51 websites |
| .nl | 49 websites |
| .ca | 37 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2022-43490
Top websites that are affected by CVE-2022-43490. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***********.com | United States | **,*** | |
| ******.com |  Singapore | **,*** | |
| *************.com | United States | **,*** | |
| ************.com | United States | **,*** | |
| ******.*****.com | United States | **,*** | |
| *************.net | United States | **,*** | |
| *********.com | United States | **,*** | |
| **********.com | United States | **,*** | |
| *********.com | United States | **,*** | |
| *****.com | United States | **,*** |
FAQ
CVE-2022-43490 is Cross-Site Request Forgery (CSRF) in Stream
A total of 2,439 websites have been identified as vulnerable to CVE-2022-43490, based on global website indexing conducted by WebTechSurvey.
The Stream is affected by the CVE-2022-43490 vulnerability.
Stream versions up to and including 3.9.2 are vulnerable to CVE-2022-43490.