Videowhisper

Videowhisper Live Streaming Integration

12 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2025-48255

  • EPSS 0.16%
  • Veröffentlicht 19.05.2025 14:44:59
  • Zuletzt bearbeitet 23.04.2026 15:30:58

Cross-Site Request Forgery (CSRF) vulnerability in videowhisper Broadcast Live Video videowhisper-live-streaming-integration allows Cross Site Request Forgery.This issue affects Broadcast Live Video: from n/a through <= 6.2.4.

8.6

CVE-2025-26752

  • EPSS 0.5%
  • Veröffentlicht 25.02.2025 15:15:23
  • Zuletzt bearbeitet 23.04.2026 15:25:55

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in videowhisper Broadcast Live Video videowhisper-live-streaming-integration allows Path Traversal.This issue affects Broadcast Live Video: from n/a through ...

7.5

CVE-2025-26753

  • EPSS 0.54%
  • Veröffentlicht 25.02.2025 15:15:23
  • Zuletzt bearbeitet 23.04.2026 15:25:55

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in videowhisper Broadcast Live Video videowhisper-live-streaming-integration allows Path Traversal.This issue affects Broadcast Live Video: from n/a through ...

5.4

CVE-2024-12504

  • EPSS 0.22%
  • Veröffentlicht 23.01.2025 12:15:27
  • Zuletzt bearbeitet 17.07.2025 19:43:26

The Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_hls' shortcode in all versions up to, and including, 6.1.9 due to insufficient...

9.8

CVE-2023-25699

  • EPSS 1.29%
  • Veröffentlicht 03.04.2024 13:15:59
  • Zuletzt bearbeitet 28.04.2026 19:19:49

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in VideoWhisper.Com VideoWhisper Live Streaming Integration allows OS Command Injection.This issue affects VideoWhisper Live Streaming Integratio...

6.1

CVE-2014-2297

  • EPSS 1.14%
  • Veröffentlicht 19.03.2018 21:29:00
  • Zuletzt bearbeitet 21.11.2024 02:06:01

Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin 4.29.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to ls/htmlchat.php or (2) bgcolor par...

5

CVE-2014-1908

Exploit
  • EPSS 7.2%
  • Veröffentlicht 29.12.2014 20:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to obtain sensitive information via a direct r...

10

CVE-2014-1905

Exploit
  • EPSS 10.36%
  • Veröffentlicht 29.12.2014 20:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and the...

4.3

CVE-2014-4569

Exploit
  • EPSS 2.05%
  • Veröffentlicht 01.07.2014 14:55:05
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Cross-site scripting (XSS) vulnerability in ls/vv_login.php in the VideoWhisper Live Streaming Integration plugin 4.27.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the room_name parameter.

4.3

CVE-2014-1906

Exploit
  • EPSS 4.51%
  • Veröffentlicht 06.03.2014 15:55:28
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) m parameter to lb_status.php; (2) msg para...