Videowhisper Live Streaming Integration
by WordPress
Source repositories
CVEs (12)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-27053 | Cri | 0.64 | 9.8 | 0.00 | Jun 15, 2026 | Unauthenticated PHP Object Injection in Broadcast Live Video < 7.1.3 versions. | ||
| CVE-2023-25699 | Cri | 0.59 | 9.0 | 0.01 | Apr 3, 2024 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in VideoWhisper.Com VideoWhisper Live Streaming Integration allows OS Command Injection.This issue affects VideoWhisper Live Streaming Integration: from n/a through 5.5.15. | ||
| CVE-2025-26752 | Hig | 0.56 | 8.6 | 0.01 | Feb 25, 2025 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in videowhisper Broadcast Live Video videowhisper-live-streaming-integration allows Path Traversal.This issue affects Broadcast Live Video: from n/a through <= 6.2. | ||
| CVE-2025-26753 | Hig | 0.49 | 7.5 | 0.01 | Feb 25, 2025 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in videowhisper Broadcast Live Video videowhisper-live-streaming-integration allows Path Traversal.This issue affects Broadcast Live Video: from n/a through <= 6.2. | ||
| CVE-2026-24937 | Hig | 0.47 | 7.2 | 0.00 | May 25, 2026 | Improper Control of Generation of Code ('Code Injection') vulnerability in VideoWhisper.Com Broadcast Live Video allows Code Injection. This issue affects Broadcast Live Video: from n/a before 7.1.3. | ||
| CVE-2014-2297 | Med | 0.40 | 6.1 | 0.01 | Mar 19, 2018 | Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin 4.29.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to ls/htmlchat.php or (2) bgcolor parameter to ls/index.php. … | ||
| CVE-2014-1908 | 0.04 | — | 0.07 | Dec 29, 2014 | The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the… | |||
| CVE-2014-1905 | 0.04 | — | 0.10 | Dec 29, 2014 | Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and then accessing the file via a… | |||
| CVE-2014-1907 | 0.04 | — | 0.11 | Mar 6, 2014 | Multiple directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_login.php or (2) delete arbitrary files via a ..… | |||
| CVE-2014-1906 | 0.03 | — | 0.05 | Mar 6, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) m parameter to lb_status.php; (2) msg parameter to vc_chatlog.php; n… | |||
| CVE-2014-4569 | 0.00 | — | 0.02 | Jul 1, 2014 | Cross-site scripting (XSS) vulnerability in ls/vv_login.php in the VideoWhisper Live Streaming Integration plugin 4.27.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the room_name parameter. | |||
| CVE-2013-5714 | 0.00 | — | 0.02 | Sep 9, 2013 | Multiple cross-site scripting (XSS) vulnerabilities in ls/htmlchat.php in the VideoWhisper Live Streaming Integration plugin 4.25.3 and possibly earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) message parameter. NOTE:… |
- risk 0.64cvss 9.8epss 0.00
Unauthenticated PHP Object Injection in Broadcast Live Video < 7.1.3 versions.
- risk 0.59cvss 9.0epss 0.01
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in VideoWhisper.Com VideoWhisper Live Streaming Integration allows OS Command Injection.This issue affects VideoWhisper Live Streaming Integration: from n/a through 5.5.15.
- risk 0.56cvss 8.6epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in videowhisper Broadcast Live Video videowhisper-live-streaming-integration allows Path Traversal.This issue affects Broadcast Live Video: from n/a through <= 6.2.
- risk 0.49cvss 7.5epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in videowhisper Broadcast Live Video videowhisper-live-streaming-integration allows Path Traversal.This issue affects Broadcast Live Video: from n/a through <= 6.2.
- risk 0.47cvss 7.2epss 0.00
Improper Control of Generation of Code ('Code Injection') vulnerability in VideoWhisper.Com Broadcast Live Video allows Code Injection. This issue affects Broadcast Live Video: from n/a before 7.1.3.
- risk 0.40cvss 6.1epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin 4.29.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to ls/htmlchat.php or (2) bgcolor parameter to ls/index.php. …
- CVE-2014-1908Dec 29, 2014risk 0.04cvss —epss 0.07
The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the…
- CVE-2014-1905Dec 29, 2014risk 0.04cvss —epss 0.10
Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and then accessing the file via a…
- CVE-2014-1907Mar 6, 2014risk 0.04cvss —epss 0.11
Multiple directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_login.php or (2) delete arbitrary files via a ..…
- CVE-2014-1906Mar 6, 2014risk 0.03cvss —epss 0.05
Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) m parameter to lb_status.php; (2) msg parameter to vc_chatlog.php; n…
- CVE-2014-4569Jul 1, 2014risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in ls/vv_login.php in the VideoWhisper Live Streaming Integration plugin 4.27.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the room_name parameter.
- CVE-2013-5714Sep 9, 2013risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in ls/htmlchat.php in the VideoWhisper Live Streaming Integration plugin 4.25.3 and possibly earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) message parameter. NOTE:…