WpStream: Incorrect Configuration Allows Unauthorized Access

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

WpStream: Incorrect Configuration Allows Unauthorized Access

CVE-2026-39526

Summary

A misconfigured security setting in WpStream can allow unauthorized access to certain features. This issue affects versions of WpStream prior to 4.11.2. To fix this, update to the latest version of WpStream.

Original title

Authorization Bypass Through User-Controlled Key vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpStream: fro...

Original description

Vulnerability type

CWE-639 Authorization Bypass Through User-Controlled Key

https://patchstack.com/database/Wordpress/Plugin/wpstream/vulnerability/wordpres...

Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 8 Apr 2026