CVE-2026-39526 PUBLISHED

WordPress WpStream plugin < 4.11.2 - Insecure Direct Object References (IDOR) vulnerability

Assigner: Patchstack
Reserved: 07.04.2026 Published: 08.04.2026 Updated: 08.04.2026

Authorization Bypass Through User-Controlled Key vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpStream: from n/a through < 4.11.2.

Product Status

Vendor wpstream
Product WpStream
Versions Default: unaffected
  • affected from 0 to 4.11.2 (incl.)

Credits

  • Muhammad Sharief | Patchstack Bug Bounty Program finder

References

Problem Types

  • Authorization Bypass Through User-Controlled Key CWE

Impacts

  • Exploiting Incorrectly Configured Access Control Security Levels