Description
The Streamit theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like email in the 'st_Authentication_Controller::edit_profile' function. This makes it possible for unauthenticated attackers to change arbitrary users' email addresses, including administrators', and leverage that to reset the user's password and gain access to their account.
Published: 2025-04-08
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Apply Patch
AI Analysis

Impact

The Streamit WordPress theme contains a flaw in its profile editing routine: it fails to verify the requesting user's identity before allowing changes to user attributes. This lets an attacker, even without authentication, set any user's email address to one they control. By then requesting a password reset through WordPress' built-in recovery mechanism, which delivers the reset link to the new address, the attacker can take over the victim's account; if the victim is an administrator, this yields full administrative privileges.
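As an added illustration (not Streamit's code, which is not on this page), the following hypothetical WordPress AJAX handler shows the CWE-639 pattern the description attributes to `edit_profile`: a user ID taken from the request selects which account is updated, with no check that the requester owns it. The hardened version beside it binds the update to the authenticated session, verifies a nonce, and requires the `edit_user` capability for anyone editing another account. Function, action and field names are assumptions.

```php
<?php
// Added example: hypothetical WordPress profile-edit handler, NOT Streamit's code.
// The weak variant trusts a client-supplied user_id (CWE-639); the hardened
// variant ties the update to the logged-in user and checks capability + nonce.

// --- Weak pattern (do not use): any visitor can pick the target account. ---
function weak_edit_profile() {
    $user_id = intval( $_POST['user_id'] );           // attacker-controlled key
    $email   = sanitize_email( $_POST['email'] );
    wp_update_user( array( 'ID' => $user_id, 'user_email' => $email ) );
    wp_send_json_success();
}
// Registered for unauthenticated callers, so no session is required at all.
add_action( 'wp_ajax_nopriv_st_edit_profile', 'weak_edit_profile' );

// --- Hardened pattern. ---
function hardened_edit_profile() {
    // 1. The caller must be logged in; anonymous requests are rejected.
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'authentication required', 401 );
    }
    // 2. CSRF protection: the form must carry a nonce bound to this action.
    check_ajax_referer( 'st_edit_profile_nonce', 'nonce' );

    // 3. The account being edited defaults to the session's own account.
    //    Editing someone else requires the edit_user meta capability.
    $target_id = get_current_user_id();
    if ( isset( $_POST['user_id'] ) && intval( $_POST['user_id'] ) !== $target_id ) {
        if ( ! current_user_can( 'edit_user', intval( $_POST['user_id'] ) ) ) {
            wp_send_json_error( 'forbidden', 403 );
        }
        $target_id = intval( $_POST['user_id'] );
    }

    // 4. Validate the new value before persisting it.
    $email = sanitize_email( wp_unslash( $_POST['email'] ?? '' ) );
    if ( ! is_email( $email ) || email_exists( $email ) ) {
        wp_send_json_error( 'invalid or duplicate email', 400 );
    }

    $result = wp_update_user( array( 'ID' => $target_id, 'user_email' => $email ) );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( $result->get_error_message(), 500 );
    }
    wp_send_json_success();
}
// Only the authenticated AJAX hook is registered; no _nopriv variant.
add_action( 'wp_ajax_st_edit_profile', 'hardened_edit_profile' );
```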

Affected Systems

All WordPress sites running the iqonicdesign Streamit theme at version 4.0.2 or earlier are affected; the flaw is present in every release up to and including 4.0.2.

Risk and Exploitability

The CVSS base score of 8.8 reflects a severe risk for sites running an unpatched Streamit release, while the EPSS score of less than 1% indicates a low but non-zero probability of exploitation. Because the issue is triggered by a single POST request to the site, any attacker who can reach the host over the network can exploit it without credentials. Note that the CVSS vector recorded below (PR:L) and the original Wordfence title ("Authenticated (Subscriber+)") describe the issue as requiring a low-privilege account, whereas the description states that unauthenticated attackers can exploit it. The vulnerability is not listed in CISA's KEV catalog, so no exploitation in the wild has been confirmed, but the high severity and trivial exploitation path warrant urgent mitigation.

Generated by OpenCVE AI on April 22, 2026 at 17:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Streamit to the latest version (4.0.3 or newer) which fixes the email change validation check.
  • If an immediate update is not possible, disable the email change feature for non-administrator users through a custom code snippet or a plugin that restricts profile editing.
  • Implement additional account protection, such as enforcing strong passwords and enabling two-factor authentication for WordPress administrators.


Advisories

Source | ID              | Title
EUVD   | EUVD-2025-10412 | The Streamit theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like email in the 'st_Authentication_Controller::edit_profile' function. This makes it possible for unauthenticated attackers to change arbitrary users' email addresses, including administrators', and leverage that to reset the user's password and gain access to their account.
History

Tue, 08 Apr 2025 15:15:00 +0000

Type    | Values Removed | Values Added
Metrics |                | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 08 Apr 2025 14:30:00 +0000

Type  | Values Removed | Values Added
Title |                | Streamit <= 4.0.2 - Authenticated (Subscriber+) Privilege Escalation via User Email Change/Account Takeover

Tue, 08 Apr 2025 02:45:00 +0000

Type        | Values Removed | Values Added
Description |                | The Streamit theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like email in the 'st_Authentication_Controller::edit_profile' function. This makes it possible for unauthenticated attackers to change arbitrary users' email addresses, including administrators', and leverage that to reset the user's password and gain access to their account.
Weaknesses  |                | CWE-639
References  |                |
Metrics     |                | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

MITRE

Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2026-04-08T16:33:23.214Z
Reserved: 2025-03-19T14:18:20.562Z
Link: CVE-2025-2526

Vulnrichment

Updated: 2025-04-08T14:20:20.856Z

NVD

Status: Deferred
Published: 2025-04-08T02:15:20.523
Modified: 2026-04-15T00:35:42.020
Link: CVE-2025-2526

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T17:45:22Z

Weaknesses