Title: CSRF Vulnerability in <= 3.9.2 reported by Patchstack
Last modified: April 19, 2023

---

# CSRF Vulnerability in <= 3.9.2 reported by Patchstack

 *  [Alex](https://wordpress.org/support/users/jahggler/)
 * (@jahggler)
 * [3 years, 1 month ago](https://wordpress.org/support/topic/csrf-vulnerability-in-3-9-2-reported-by-patchstack/)
 * Hi,
 * Is it something you are planning to fix? [https://patchstack.com/database/vulnerability/stream/wordpress-stream-plugin-3-9-2-cross-site-request-forgery-csrf-vulnerability?_a_id=431](https://patchstack.com/database/vulnerability/stream/wordpress-stream-plugin-3-9-2-cross-site-request-forgery-csrf-vulnerability?_a_id=431)

Viewing 2 replies - 1 through 2 (of 2 total)

 *  [anuro3](https://wordpress.org/support/users/anuro3/)
 * (@anuro3)
 * [3 years, 1 month ago](https://wordpress.org/support/topic/csrf-vulnerability-in-3-9-2-reported-by-patchstack/#post-16677236)
 * Same problem here reported to me by my Wordfence Security app…
 * [https://www.wordfence.com/threat-intel/vulnerabilities/id/e7203b5c-5753-453c-8fc2-26fcebdeea5b?source=plugin](https://www.wordfence.com/threat-intel/vulnerabilities/id/e7203b5c-5753-453c-8fc2-26fcebdeea5b?source=plugin)
    - **Plugin Name:** Stream
    - **Current Plugin Version:** 3.9.2
    - **Details:** To protect your site from this vulnerability, the safest option
      is to deactivate and completely remove “Stream” until a patched version is
      available. [Get more information.](https://www.wordfence.com/help/?query=scan-result-plugin-vulnerable)
    - **Repository URL:** [https://wordpress.org/plugins/stream](https://wordpress.org/plugins/stream)
    - **Vulnerability Information:** [https://www.wordfence.com/threat-intel/vulnerabilities/id/e7203b5c-5753-453c-8fc2-26fcebdeea5b?source=plugin](https://www.wordfence.com/threat-intel/vulnerabilities/id/e7203b5c-5753-453c-8fc2-26fcebdeea5b?source=plugin)
    - **Vulnerability Severity:** 4.3/10.0 (Medium)
 *  Anonymous User 14808221
 * (@anonymized-14808221)
 * [3 years, 1 month ago](https://wordpress.org/support/topic/csrf-vulnerability-in-3-9-2-reported-by-patchstack/#post-16687434)
 * You should check the changelog
 *     ```
       Changelog
   
       3.9.3 – APRIL 25, 2023
   
       Fix: [Security] CVE-2022-43490: Temporarily remove uninstall flow to avoid inadvertent uninstallation of the plugin, props @Lucisu via Patchstack.
       Fix: [Security] CVE-2022-43450: Check for capabilities in ‘wp_ajax_load_alerts_settings’ AJAX action before loading alert settings, props @Lucisu via Patchstack.
       ```
   
 * Also it is visible here:
    [https://wordpress.org/plugins/stream/#developers](https://wordpress.org/plugins/stream/#developers)
    -  This reply was modified 3 years, 1 month ago by Anonymous User 14808221.

The topic ‘CSRF Vulnerability in <= 3.9.2 reported by Patchstack’ is closed to new
replies.

 * 3 replies
 * 6 participants
 * Last reply from: Anonymous User 14808221
 * Last activity: [3 years, 1 month ago](https://wordpress.org/support/topic/csrf-vulnerability-in-3-9-2-reported-by-patchstack/#post-16687434)
 * Status: not resolved