CVE-2025-68521

WordPress WpStream plugin <= 4.9.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpStream: from n/a through <= 4.9.5.

We have discovered 900 live websites that are affected by CVE-2025-68521.

Run a Free Instant Scan



Affected Software

Product  Wpstream
Category Wordpress Plugins
Vulnerable Domains900 live websites (85% of Wpstream install base)
Vulnerable Versions
  • from 0 through 4.9.5
Vulnerable Versions Count68 versions ( 97% of all versions)



Details

  • Published - Dec 24, 2025
  • Updated - Jan 20, 2026

Credits

  • Que Thanh Tuan - Blue Rock | Patchstack Bug Bounty Program (finder)

Website Distribution by Country

Number of websites using CVE-2025-68521
United States436 websites


Germany88 websites
GB34 websites
France28 websites
Italy23 websites
Denmark22 websites
Netherlands20 websites
Canada17 websites
Cyprus15 websites
Russia13 websites

Website Distribution by TLD

Number of websites using CVE-2025-68521
.com383 websites
.org148 websites
.de40 websites
.net21 websites
.nl18 websites
.it17 websites
.co.uk12 websites
.ru9 websites
.se9 websites
.ca8 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Websites affected by CVE-2025-68521

Top websites that are affected by CVE-2025-68521. Please click on the "Contact us" link to get more information.
DomainCountryRankContacts
*********.com United States***,***
*************.***.au Australia***,***
***.rs Serbia***,***
****************.ru Russia***,***
**********.com United States***,***
**************.com United States***,***
********.com Netherlands***,***
******.nrw Germany***,***
************.it France***,***
****************.com United States***,***
See full domain list

FAQ

A total of 900 websites have been identified as vulnerable to CVE-2025-68521, based on global website indexing conducted by WebTechSurvey.
The Wpstream is affected by the CVE-2025-68521 vulnerability.
Wpstream versions up to and including 4.9.5 are vulnerable to CVE-2025-68521.