fixes CVE-2022-43490 by adding a nonce check to the 'wp_ajax_wp_stream_uninstall' AJAX action.
fixes a broken SQL query that failed to delete user meta records on multisite installations.
ensure that plugin being uninstalled from a blog in a multisite doesn't delete all Stream data unless the action is performed (1) by a super admin and (2) on the main blog for of the site.
Checklist
[x] Project documentation has been updated to reflect the changes in this pull request, if applicable.
[x] I have tested the changes in the local development environment (see contributing.md).
:point_right: Superseded by #1435.
Fixes #1426.
This PR includes the following changes:
'wp_ajax_wp_stream_uninstall'
AJAX action.Checklist
contributing.md
).