CVE-2025-13615 – StreamTube Core

CVE ID : CVE-2025-13615

Published : Nov. 30, 2025, 1:53 a.m. | 31 minutes ago

Description : The StreamTube Core plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 4.78. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts. Note: This can only be exploited if the ‘registration password fields’ enabled in theme options.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2025-6666 – motogadget mo.lock Ignition Lock NFC hard-coded key

CVE-2025-66291 – OrangeHRM is Vulnerable to Improper Authorization Allowing Unauthorized Access to Interview Attachments

CVE-2025-66290 – OrangeHRM is Vulnerable to Improper Authorization Allowing Unauthorized Access to Candidate Attachments

CVE-2025-66225 – OrangeHRM is Vulnerable to Account Takeover Through Unvalidated Username in Password Reset Workflow