CVE-2025-2519
📋 TL;DR
The Streamit WordPress theme contains a vulnerability that allows authenticated attackers with subscriber-level access or higher to download arbitrary files from the server. This occurs due to insufficient file validation in the 'st_send_download_file' function. All WordPress sites using Streamit theme versions up to 4.0.1 are affected.
💻 Affected Systems
- Streamit WordPress Theme
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could download sensitive files like wp-config.php containing database credentials, server configuration files, or user data, leading to complete site compromise.
Likely Case
Attackers download configuration files to gain database access, escalate privileges, or steal sensitive information from the server.
If Mitigated
With proper access controls and monitoring, impact is limited to file disclosure without further exploitation.
🎯 Exploit Status
Exploitation requires authenticated access but is technically simple once credentials are obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 4.0.1
Vendor Advisory: https://documentation.iqonic.design/streamit/change-log/streamit-v4-0/
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Appearance > Themes. 3. Check for Streamit theme updates. 4. Update to latest version (above 4.0.1). 5. Clear any caching plugins/CDN caches.
🔧 Temporary Workarounds
Remove vulnerable function
allTemporarily disable the vulnerable function by removing or commenting out the 'st_send_download_file' function in theme files.
# Locate the function in theme PHP files and comment it out
Restrict user registration
allDisable new user registration to prevent attackers from creating subscriber accounts.
# In WordPress Settings > General, uncheck 'Anyone can register'
🧯 If You Can't Patch
- Temporarily switch to a default WordPress theme like Twenty Twenty-Four
- Implement web application firewall rules to block requests to the vulnerable endpoint
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Appearance > Themes for Streamit theme version. If version is 4.0.1 or lower, you are vulnerable.Check Version:
wp theme list --field=name,status,version | grep streamitVerify Fix Applied:
After updating, verify theme version shows higher than 4.0.1 in WordPress admin.📡 Detection & Monitoring
Log Indicators:
- Unusual file download requests from authenticated users
- Requests to theme-specific endpoints with file path parameters
- Multiple failed attempts to access sensitive files
Network Indicators:
- HTTP requests containing file path traversal patterns
- Unusual download patterns from authenticated sessions
SIEM Query:
source="web_server" AND (uri_path="*st_send_download_file*" OR uri_path="*download*" AND user_agent="*WordPress*")