cleantalk
Vulnerabilities and Security Researches

Social Streams, CVE-2025-7722

CVE, Research URL

CVE-2025-7722

Home page URL

Security reports for Social Streams

Application

Social Streams

Published on
Jul 23, 2025
Research Description
The Social Streams plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.1. This is due to the plugin not properly validating a user's identity prior to updating their user meta information in the update_user_meta() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change their user type to that of an administrator.
Affected versions
Min -, max 1.0.1.
Status
vulnerable
Previous vulnerability researches
SIP Reviews Shortcode for WooCommerce (CVE-2024-6479) , Nov 02, 2024
SIP Reviews Shortcode for WooCommerce (CVE-2024-6480) , Nov 02, 2024
New vulnerability
ElementsKit Elementor addons (CVE-2025-3614) , Jul 25, 2025
WP Links Page (CVE-2025-30998) , Jul 25, 2025
CSS & JavaScript Toolbox (CVE-2025-3703) , Jul 25, 2025
POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications (CVE-2025-24000) , Jul 25, 2025
ONLYOFFICE (CVE-2025-6380) , Jul 25, 2025