Videowhisper Live Streaming Integration vulnerabilities
10 known vulnerabilities affecting videowhisper/videowhisper_live_streaming_integration.
Total CVEs
10
CISA KEV
0
Public exploits
4
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1MEDIUM7
Vulnerabilities
Page 1 of 1
CVE-2014-1905P2CRITICALCVSS 10.0PoC≤ 4.27.42014-12-29
CVE-2014-1905 [CRITICAL] CWE-77 CVE-2014-1905: Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Int
Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and then accessing the file via a direct request to a wp-content/plugins/videowhisper-live-streaming-integrat
nvd
CVE-2014-1907P3MEDIUMCVSS 6.4PoC≤ 4.27.4v1.0.2+7 more2014-03-06
CVE-2014-1907 [MEDIUM] CWE-22 CVE-2014-1907: Multiple directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration plugin b
Multiple directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_login.php or (2) delete arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_logout.php.
nvd
CVE-2023-25699P2CRITICALCVSS 9.8fixed in 5.5.162024-04-03
CVE-2023-25699 [CRITICAL] CWE-78 CVE-2023-25699: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerabi
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in VideoWhisper.Com VideoWhisper Live Streaming Integration allows OS Command Injection.This issue affects VideoWhisper Live Streaming Integration: from n/a through 5.5.15.
nvd
CVE-2014-1908P4MEDIUMCVSS 5.0PoC≤ 4.27.42014-12-29
CVE-2014-1908 [MEDIUM] CWE-200 CVE-2014-1908: The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in
The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.
nvd
CVE-2014-1906P4MEDIUMCVSS 4.3PoC≤ 4.27.4v1.0.2+7 more2014-03-06
CVE-2014-1906 [MEDIUM] CWE-79 CVE-2014-1906: Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration p
Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) m parameter to lb_status.php; (2) msg parameter to vc_chatlog.php; n parameter to (3) channel.php, (4) htmlchat.php, (5) video.php, or (6) videote
nvd
CVE-2025-48255P3HIGHCVSS 8.8≤ 6.2.42025-05-19
CVE-2025-48255 [HIGH] CWE-352 CVE-2025-48255: Cross-Site Request Forgery (CSRF) vulnerability in videowhisper Broadcast Live Video videowhisper-li
Cross-Site Request Forgery (CSRF) vulnerability in videowhisper Broadcast Live Video videowhisper-live-streaming-integration allows Cross Site Request Forgery.This issue affects Broadcast Live Video: from n/a through <= 6.2.4.
nvd
CVE-2014-2297P4MEDIUMCVSS 6.1v4.29.62018-03-19
CVE-2014-2297 [MEDIUM] CVE-2014-2297: Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration p
Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin 4.29.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to ls/htmlchat.php or (2) bgcolor parameter to ls/index.php. NOTE: vector 1 may overlap CVE-2014-1906.4.
nvd
CVE-2024-12504P4MEDIUMCVSS 5.4fixed in 6.1.102025-01-23
CVE-2024-12504 [MEDIUM] CWE-79 CVE-2024-12504: The Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP plugin for WordPress is v
The Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_hls' shortcode in all versions up to, and including, 6.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authen
nvd
CVE-2014-4569P4MEDIUMCVSS 4.3≤ 4.27v1.0.2+7 more2014-07-01
CVE-2014-4569 [MEDIUM] CWE-79 CVE-2014-4569: Cross-site scripting (XSS) vulnerability in ls/vv_login.php in the VideoWhisper Live Streaming Integ
Cross-site scripting (XSS) vulnerability in ls/vv_login.php in the VideoWhisper Live Streaming Integration plugin 4.27.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the room_name parameter.
nvd
CVE-2013-5714P4MEDIUMCVSS 4.3≤ 4.25.3v1.0.2+6 more2013-09-09
CVE-2013-5714 [MEDIUM] CWE-79 CVE-2013-5714: Multiple cross-site scripting (XSS) vulnerabilities in ls/htmlchat.php in the VideoWhisper Live Stre
Multiple cross-site scripting (XSS) vulnerabilities in ls/htmlchat.php in the VideoWhisper Live Streaming Integration plugin 4.25.3 and possibly earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) message parameter. NOTE: some of these details are obtained from third party information.
nvd