Vulnerabilities and security researches forstreamcast streamcast
Direction: ascendingJun 06, 2024
StreamCast – Radio Player for WordPress # CVE-2021-24416
- CVE, Research URL
- Application
- Date
- Oct 18, 2021
- Research Description
- The StreamCast – Radio Player for WordPress plugin before 2.1.1 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode
- Affected versions
-
max 2.1.1.
- Status
-
vulnerable
Aug 12, 2024
StreamCast – Radio Player for WordPress # CVE-2024-43148
- CVE, Research URL
- Application
- Date
- Aug 13, 2024
- Research Description
- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in bPlugins StreamCast allows Stored XSS.This issue affects StreamCast: from n/a through 2.2.3.
- Affected versions
-
max 2.2.4.
- Status
-
vulnerable
Nov 15, 2024
StreamCast – Radio Player for WordPress # CVE-2022-4974
- CVE, Research URL
- Application
- Date
- Oct 16, 2024
- Research Description
- The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
- Affected versions
-
max 2.1.4.
- Status
-
vulnerable
Jun 13, 2026
StreamCast – Radio Player for WordPress # CVE-2023-33999
- CVE, Research URL
- Application
- Date
- Jun 11, 2026
- Research Description
- Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in WPVibes WP Mail Log allows DOM-Based XSS. This issue affects WP Mail Log: from n/a through 1.0.2.
- Affected versions
-
max 2.1.9.
- Status
-
vulnerable
Jun 16, 2026
StreamCast – Radio Player for WordPress # 6d8910c719b2a132ec93828cd37e418b19cac960
- CVE, Research URL
- Application
- Date
- Mar 04, 2022
- Research Description
- StreamCast – Live Radio Streaming Player [streamcast] < 2.1.4 Freemius SDK <= 2.4.2 - Missing Authorization Checks The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
- Affected versions
-
max 2.1.4.
- Status
-
vulnerable
StreamCast – Radio Player for WordPress # d57d3b30ff17cef716e0a207565fd8c9fc926130
- CVE, Research URL
- Application
- Date
- Feb 28, 2022
- Research Description
- StreamCast – Live Radio Streaming Player [streamcast] < 2.1.4 WordPress StreamCast plugin <= 2.1.2 - Sensitive Information Disclosure vulnerability Sensitive Information Disclosure vulnerability discovered in WordPress StreamCast plugin (versions <= 2.1.2).
- Affected versions
-
max 2.1.4.
- Status
-
vulnerable
StreamCast – Radio Player for WordPress # 0d7595c0f0dffd5e6f4a7c77143d581cc46240b4
- CVE, Research URL
- Application
- Date
- Feb 28, 2022
- Research Description
- StreamCast – Live Radio Streaming Player [streamcast] < 2.1.4 WordPress StreamCast plugin <= 2.1.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress StreamCast plugin (versions <= 2.1.2).
- Affected versions
-
max 2.1.4.
- Status
-
vulnerable