CVE-2024-7423
Stream <= 4.0.1 - Cross-Site Request Forgery to Arbitrary Options UpdateThe Stream plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.1. This is due to missing or incorrect nonce validation on the network_options_action() function. This makes it possible for unauthenticated attackers to update arbitrary options that can lead to DoS or privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
We have discovered 4,453 live websites that are affected by CVE-2024-7423.
Affected Software
| Product | |
| Category | Wordpress Plugins |
| Vulnerable Domains | 4,453 live websites (9.34% of Stream install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 33 versions ( 89% of all versions) |
Common Weakness Enumeration
CWE-352 Cross-Site Request Forgery (CSRF)Details
- Published - Sep 13, 2024
- Updated - Apr 8, 2026
Credits
- vgo0 (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2024-7423 United States | 2,213 websites |
 Australia | 317 websites |
 GB | 263 websites |
 Germany | 176 websites |
 Netherlands | 169 websites |
 Canada | 167 websites |
 Russia | 129 websites |
 Italy | 122 websites |
 Spain | 107 websites |
 Singapore | 98 websites |
Website Distribution by TLD
Number of websites using CVE-2024-7423| .com | 2,187 websites |
| .org | 312 websites |
| .com.au | 241 websites |
| .co.uk | 179 websites |
| .nl | 153 websites |
| .ru | 105 websites |
| .de | 99 websites |
| .it | 97 websites |
| .net | 92 websites |
| .ca | 84 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-7423
Top websites that are affected by CVE-2024-7423. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *********.com | United States | **,*** | |
| ******.com | United States | **,*** | |
| ***********.com | United States | **,*** | |
| *********.com | United States | **,*** | |
| ******.com | Singapore | **,*** | |
| ******.****.********.edu | United States | **,*** | |
| *************.com | United States | **,*** | |
| ************.com | United States | **,*** | |
| ******.*****.com | United States | **,*** | |
| ***********.com | United States | **,*** |
FAQ
CVE-2024-7423 is Cross-Site Request Forgery (CSRF) in Stream
A total of 4,453 websites have been identified as vulnerable to CVE-2024-7423, based on global website indexing conducted by WebTechSurvey.
The Stream is affected by the CVE-2024-7423 vulnerability.
Stream versions up to and including 4.0.1 are vulnerable to CVE-2024-7423.