{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-7722", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-07-16T17:16:08.340Z", "datePublished": "2025-07-23T02:24:40.269Z", "dateUpdated": "2026-04-08T17:33:00.916Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:33:00.916Z"}, "affected": [{"vendor": "steverio", "product": "Social Streams", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.0.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Social Streams plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.1. This is due to the plugin not properly validating a user's identity prior to updating their user meta information in the update_user_meta() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change their user type to that of an administrator."}], "title": "Social Streams <= 1.2.1 - Authenticated (Subscriber+) Privilege Escalation", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3f01b88-6f93-4ee8-8d59-9165ebcd4dd1?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/social-streams/trunk/src/php/JsonAPI.php#275"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-272 Least Privilege Violation", "cweId": "CWE-272", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Thanh Nam Tran"}], "timeline": [{"time": "2025-07-22T14:03:46.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-23T17:43:28.526411Z", "id": "CVE-2025-7722", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-23T17:55:35.289Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-7722", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-07-23T17:43:28.526411Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-23T17:44:04.215Z"}}], "cna": {"title": "Social Streams <= 1.2.1 - Authenticated (Subscriber+) Privilege Escalation", "credits": [{"lang": "en", "type": "finder", "value": "Thanh Nam Tran"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "steverio", "product": "Social Streams", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.0.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-07-22T14:03:46.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3f01b88-6f93-4ee8-8d59-9165ebcd4dd1?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/social-streams/trunk/src/php/JsonAPI.php#275"}], "descriptions": [{"lang": "en", "value": "The Social Streams plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.1. This is due to the plugin not properly validating a user's identity prior to updating their user meta information in the update_user_meta() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change their user type to that of an administrator."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-272", "description": "CWE-272 Least Privilege Violation"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:33:00.916Z"}}}, "cveMetadata": {"cveId": "CVE-2025-7722", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:33:00.916Z", "dateReserved": "2025-07-16T17:16:08.340Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-07-23T02:24:40.269Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Social Streams plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.1. This is due to the plugin not properly validating a user's identity prior to updating their user meta information in the update_user_meta() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change their user type to that of an administrator."}, {"lang": "es", "value": "El complemento Social Streams para WordPress es vulnerable a la escalada de privilegios en todas las versiones hasta la 1.0.1 incluida. Esto se debe a que el complemento no valida correctamente la identidad del usuario antes de actualizar su metainformaci\u00f3n en la funci\u00f3n update_user_meta(). Esto permite que atacantes autenticados, con acceso de suscriptor o superior, cambien su tipo de usuario a administrador."}], "id": "CVE-2025-7722", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-07-23T03:15:25.600", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/social-streams/trunk/src/php/JsonAPI.php#275"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3f01b88-6f93-4ee8-8d59-9165ebcd4dd1?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-272"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T22:08:52.318871+00:00", "value": {"mitigation_remediation": ["Update the Social Streams plugin to the newest release that contains the fix for the update_user_meta validation bug.", "If a patched release is not yet available, temporarily disable or remove the plugin until the vendor releases a correct version.", "Limit Subscriber and lower\u2011level accounts on the WordPress site to only those users who truly need access, and routinely review role assignments to prevent unnecessary privilege escalation."], "summary": {"action": "Patch Plugin", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "This flaw exists in the steverio Social Streams WordPress plugin for all releases up to and including version\u202f1.0.1 as indicated by the official description. Sites that have installed the plugin and allow any authenticated user with Subscriber or higher roles are at risk. The title suggests a broader range of <=\u202f1.2.1, but the CVE text confirms up to\u202f1.0.1.", "description_and_impact": "The Social Streams plugin for WordPress fails to validate a user's identity when calling update_user_meta, permitting an authenticated user with Subscriber-level access or higher to modify the role meta for their own account. This unauthorized change elevates the account to Administrator, giving full control over the site. The flaw is a classic privilege escalation vulnerability. No additional interaction beyond a valid login is required.", "risk_and_exploitability": "The CVSS score of\u202f8.8 classifies the issue as high severity, while the EPSS score of less than\u202f1\u202f% indicates that widespread exploitation is unlikely at present. The vulnerability is not listed in CISA\u2019s KEV database, meaning no publicly known exploits are documented. An attacker would need a legitimate WordPress account with at least Subscriber privileges, which can be achieved via local login or credential compromise, and can then trigger the flawed update_user_meta call through the plugin\u2019s front\u2011end API or otherwise. Once executed, the user\u2019s role is changed to Administrator, enabling full administrative takeover."}}}}, "created": "2025-07-23T17:35:56.745180+00:00", "updated": "2026-04-20T22:15:06.193717+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}