Vulnerabilities and security researches forppv-live-webcams ppv-live-webcams

Feb 20, 2025

CVE, Research URL: CVE-2025-22663
Home page URL: Security reports for Paid Videochat Turnkey Site – HTML5 PPV Live Webcams
Application: Paid Videochat Turnkey Site – HTML5 PPV Live Webcams
Date: Feb 19, 2025
Research Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in videowhisper Paid Videochat Turnkey Site allows Path Traversal. This issue affects Paid Videochat Turnkey Site: from n/a through 7.2.12.
Affected versions: max 7.3.
Status: vulnerable

Apr 17, 2025

CVE, Research URL: CVE-2025-31380
Home page URL: Security reports for Paid Videochat Turnkey Site – HTML5 PPV Live Webcams
Application: Paid Videochat Turnkey Site – HTML5 PPV Live Webcams
Date: -
Research Description: Paid Videochat Turnkey Site – HTML5 PPV Live Webcams [ppv-live-webcams] <= 7.3.11 (unfixed) CVE-2025-31380
Affected versions: max 7.3.11.
Status: vulnerable

Nov 11, 2025

CVE, Research URL: CVE-2025-62959
Home page URL: Security reports for Paid Videochat Turnkey Site – HTML5 PPV Live Webcams
Application: Paid Videochat Turnkey Site – HTML5 PPV Live Webcams
Date: Oct 27, 2025
Research Description: Improper Control of Generation of Code ('Code Injection') vulnerability in videowhisper Paid Videochat Turnkey Site ppv-live-webcams allows Remote Code Inclusion.This issue affects Paid Videochat Turnkey Site: from n/a through <= 7.3.22.
Affected versions: max 7.3.22.
Status: vulnerable

Apr 16, 2026

CVE, Research URL: CVE-2025-8899
Home page URL: Security reports for Paid Videochat Turnkey Site – HTML5 PPV Live Webcams
Application: Paid Videochat Turnkey Site – HTML5 PPV Live Webcams
Date: Mar 07, 2026
Research Description: The Paid Videochat Turnkey Site – HTML5 PPV Live Webcams plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 7.3.20. This is due to videowhisper_register_form() function not restricting user roles that can be set during registration. This makes it possible for authenticated attackers, with Author-level access and above, to create posts/pages with the registration form and administrator set as the role and subsequently use that form to register an administrator account. This can also be exploited by contributors, but is far less likely to be successful because an administrator would need to approve the form with the administrator role for the attack to be successful.
Affected versions: max 7.3.21.
Status: vulnerable

May 28, 2026

CVE, Research URL: CVE-2026-24590
Home page URL: Security reports for Paid Videochat Turnkey Site – HTML5 PPV Live Webcams
Application: Paid Videochat Turnkey Site – HTML5 PPV Live Webcams
Date: May 26, 2026
Research Description: Missing Authorization vulnerability in VideoWhisper.Com Paid Videochat Turnkey Site allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Paid Videochat Turnkey Site: from n/a through 7.3.23.
Affected versions: max 7.3.24.
Status: vulnerable

Jun 04, 2026

CVE, Research URL: CVE-2026-27333
Home page URL: Security reports for Paid Videochat Turnkey Site – HTML5 PPV Live Webcams
Application: Paid Videochat Turnkey Site – HTML5 PPV Live Webcams
Date: -
Research Description: Paid Videochat Turnkey Site – HTML5 PPV Live Webcams [ppv-live-webcams] < 7.3.24 CVE-2026-27333
Affected versions: max 7.3.24.
Status: vulnerable