CVE-2014-4567
Description
Cross-site scripting (XSS) vulnerability in comments/videowhisper2/r_logout.php in the Video Comments Webcam Recorder plugin 1.55, as downloaded before 20140116 for WordPress allows remote attackers to inject arbitrary web script or HTML via the message parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
- WordPress/Video Comments Webcam Recorder plugin
- Range: <=1.55
Patches
Vulnerability mechanics
Root cause
"The `message` parameter in `r_logout.php` is not properly sanitized, allowing for arbitrary web script or HTML injection."
Attack vector
An unauthenticated remote attacker can exploit this vulnerability by sending a crafted HTTP request to `comments/videowhisper2/r_logout.php` with script or HTML injected into the `message` parameter. The injected content then executes in the context of the victim's browser when the page is rendered [ref_id=1].
Affected code
The vulnerability exists in the `r_logout.php` file within the `comments/videowhisper2/` directory of the Video Comments Webcam Recorder plugin version 1.55 and likely earlier versions. The specific vulnerable parameter is `message` [ref_id=1].
What the fix does
The advisory indicates that the plugin was updated in place to address this vulnerability. Specifically, the commit referenced in the advisory ([ref_id=1]) likely includes sanitization for the `message` parameter in `r_logout.php`. This sanitization prevents the injection of arbitrary web script or HTML, thereby mitigating the cross-site scripting risk.
Preconditions
- input: The `message` parameter must be present in the request.
- auth: Unauthenticated access is sufficient to trigger the vulnerability.
Generated on Jun 3, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- codevigilant.com/disclosure/wp-plugin-video-comments-webcam-recorder-a3-cross-site-scripting-xss (mitre, x_refsource_MISC)
- plugins.trac.wordpress.org/changeset (mitre, x_refsource_CONFIRM)