Vendor
Videowhisper
Products
6
CVEs
10
Across products
10
Status
Private
Products
6- 5 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
10| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-25699 | Cri | 0.59 | 9.0 | 0.02 | Apr 3, 2024 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in VideoWhisper.Com VideoWhisper Live Streaming Integration allows OS Command Injection.This issue affects VideoWhisper Live Streaming Integration: from n/a through 5.5.15. | |
| CVE-2023-52213 | Hig | 0.46 | 7.1 | 0.00 | Jan 8, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VideoWhisper Rate Star Review – AJAX Reviews for Content, with Star Ratings allows Reflected XSS.This issue affects Rate Star Review – AJAX Reviews for Content, with Star Ratings: from n/a through 1.5.1. | |
| CVE-2025-48255 | Med | 0.28 | 4.3 | 0.00 | May 19, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in videowhisper Broadcast Live Video videowhisper-live-streaming-integration allows Cross Site Request Forgery.This issue affects Broadcast Live Video: from n/a through <= 6.2.4. | |
| CVE-2014-1908 | 0.04 | — | 0.06 | Dec 29, 2014 | The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message. | ||
| CVE-2014-1905 | 0.04 | — | 0.18 | Dec 29, 2014 | Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and then accessing the file via a direct request to a wp-content/plugins/videowhisper-live-streaming-integration/ls/snapshots/ pathname, as demonstrated by a .php.jpg filename. | ||
| CVE-2010-4971 | 0.03 | — | 0.02 | Nov 2, 2011 | Cross-site scripting (XSS) vulnerability in VideoWhisper PHP 2 Way Video Chat component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the r parameter to index.php. | ||
| CVE-2014-4570 | 0.00 | — | 0.00 | Jul 2, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Video Presentation plugin before 3.31 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) room_name parameter to c_login.php or (2) room parameter to index.php in vp/. | ||
| CVE-2014-4568 | 0.00 | — | 0.00 | Jul 2, 2014 | Cross-site scripting (XSS) vulnerability in posts/videowhisper/r_logout.php in the Video Posts Webcam Recorder plugin 1.55.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the message parameter. | ||
| CVE-2014-2715 | 0.00 | — | 0.00 | Apr 28, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in vwrooms\templates\logout.tpl.php in the VideoWhisper Webcam plugins for Drupal 7.x allow remote attackers to inject arbitrary web script or HTML via the (1) module or (2) message parameter to index.php. | ||
| CVE-2013-5714 | 0.00 | — | 0.00 | Sep 9, 2013 | Multiple cross-site scripting (XSS) vulnerabilities in ls/htmlchat.php in the VideoWhisper Live Streaming Integration plugin 4.25.3 and possibly earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) message parameter. NOTE: some of these details are obtained from third party information. |