Return to CVE list

CVE-2025-2519

6.5
Medium

CVE-2025-2519

security@wordfence.com
Awaiting Analysis
View on MITREFind on GitHub

Description

The Sreamit theme for WordPress is vulnerable to arbitrary file downloads in all versions up to, and including, 4.0.1. This is due to insufficient file validation in the 'st_send_download_file' function. This makes it possible for authenticated attackers, with subscriber-level access and above, to download arbitrary files.

Exploits

No known exploits found for this CVE.

Search Exploit-DB

References

security@wordfence.com
https://documentation.iqonic.design/streamit/change-log/streamit-v4-0/
security@wordfence.com
https://themeforest.net/item/streamit-video-streaming-wordpress-theme/29772881
security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/fd28c405-ed2f-435a-806c-1fc43cac0f80?source=cve