cleantalk
Vulnerabilities and Security Researches

Social Streams, CVE-2025-7722

CVE, Research URL

CVE-2025-7722

Home page URL

Security reports for Social Streams

Application

Social Streams

Published on
Jul 23, 2025
Research Description
The Social Streams plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.1. This is due to the plugin not properly validating a user's identity prior to updating their user meta information in the update_user_meta() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change their user type to that of an administrator.
Affected versions
Min -, max 1.0.1.
Status
vulnerable
Previous vulnerability researches
Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms (CVE-2025-7697) , Jul 21, 2025
Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms (CVE-2025-30863) , Apr 02, 2025
New vulnerability
WP Applink (CVE-2025-6385) , Jul 25, 2025
Structured Content (JSON-LD) #wpsc (CVE-2025-4608) , Jul 25, 2025
Taeggie Feed (CVE-2025-6382) , Jul 25, 2025
Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination (CVE-2025-5084) , Jul 25, 2025
AI Engine (CVE-2025-7780) , Jul 25, 2025