CVE-2025-7722

Summary

The Social Streams plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.1. This is due to the plugin not properly validating a user's identity prior to updating their user meta information in the update_user_meta() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change their user type to that of an administrator.

Affected Software

VendorProductVersion RangeStatus
steverioSocial Streams0 <= 1.0.1affected

Weaknesses

  • CWE-272: CWE-272 Least Privilege Violation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References