CVE-2026-39527MEDIUM NVDCVSS Score 5.4Severity MEDIUMPublished Jun 15, 2026Vendor unknownDescriptionSubscriber Arbitrary File Upload in WpStream < 4.11.2 versions.Referenceshttps://patchstack.com/database/wordpress/plugin/wpstream/vulnerability/wordpress-wpstream-plugin-4-11-2-arbitrary-file-upload-vulnerability?_s_id=cve