7.2

CVE-2026-24937

WordPress Broadcast Live Video plugin < 7.1.3 - Remote Code Execution (RCE) vulnerability

Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP < 7.1.3 - Authenticated (Admin+) Remote Code Execution

Improper Control of Generation of Code ('Code Injection') vulnerability in VideoWhisper.Com Broadcast Live Video allows Code Injection.

This issue affects Broadcast Live Video: from n/a before 7.1.3.
Mögliche Gegenmaßnahme
Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP: Update to version 7.1.3, or a newer patched version
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerVideoWhisper.com
Produkt Broadcast Live Video
Default Statusunaffected
Version n/a
Version < 7.1.3
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP
Version [*, 7.1.3)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.41% 0.324
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
audit@patchstack.com 7.2 1.2 5.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

https://patchstack.com/database/wordpress/plugin/videowhisper-live-streaming-integration/vulnerability/wordpress-broadcast-live-video-plugin-7-1-3-remote-code-execution-rce-vulnerability?_s_id=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/a50e2df0-b45e-4a0a-b6dc-f05b4286132a
Third Party Advisory