CVE-2025-7722
BaseFortify
Publication date: 2025-07-23
Last updated on: 2025-07-25
Assigner: Wordfence
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | social_streams | 1.0.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-272 | The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed. |
AI Powered Q&A
Can you explain this vulnerability to me?
The Social Streams plugin for WordPress has a privilege escalation vulnerability in versions up to 1.0.1. It does not properly verify a user's identity before allowing updates to user meta information via the update_user_meta() function. This flaw allows authenticated users with Subscriber-level access or higher to escalate their privileges and change their user role to an administrator.
How can this vulnerability impact me?
This vulnerability can allow an attacker with low-level access (Subscriber or above) to gain administrator privileges on a WordPress site. This can lead to full control over the site, including modifying content, installing malicious code, stealing sensitive data, or disrupting site operations.