Vulnerabilities and security researches forvideowhisper-live-streaming-integration videowhisper-live-streaming-integration
Direction: ascendingBroadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP # CVE-2023-25699
- CVE, Research URL
- Home page URL
-
Security reports for Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP
- Date
- Apr 03, 2024
- Research Description
- Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in VideoWhisper.Com VideoWhisper Live Streaming Integration allows OS Command Injection.This issue affects VideoWhisper Live Streaming Integration: from n/a through 5.5.15.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP # CVE-2014-2297
- CVE, Research URL
- Home page URL
-
Security reports for Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP
- Date
- Mar 20, 2018
- Research Description
- Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin 4.29.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to ls/htmlchat.php or (2) bgcolor parameter to ls/index.php. NOTE: vector 1 may overlap CVE-2014-1906.4.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP # CVE-2014-1908
- CVE, Research URL
- Home page URL
-
Security reports for Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP
- Date
- Dec 30, 2014
- Research Description
- The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP # CVE-2014-1905
- CVE, Research URL
- Home page URL
-
Security reports for Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP
- Date
- Dec 30, 2014
- Research Description
- Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and then accessing the file via a direct request to a wp-content/plugins/videowhisper-live-streaming-integration/ls/snapshots/ pathname, as demonstrated by a .php.jpg filename.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP # CVE-2014-1907
- CVE, Research URL
- Home page URL
-
Security reports for Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP
- Date
- Mar 06, 2014
- Research Description
- Multiple directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_login.php or (2) delete arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_logout.php.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP # CVE-2014-1906
- CVE, Research URL
- Home page URL
-
Security reports for Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP
- Date
- Mar 06, 2014
- Research Description
- Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) m parameter to lb_status.php; (2) msg parameter to vc_chatlog.php; n parameter to (3) channel.php, (4) htmlchat.php, (5) video.php, or (6) videotext.php; (7) message parameter to lb_logout.php; or ct parameter to (8) lb_status.php or (9) v_status.php in ls/.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP # CVE-2013-5714
- CVE, Research URL
- Home page URL
-
Security reports for Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP
- Date
- Sep 09, 2013
- Research Description
- Multiple cross-site scripting (XSS) vulnerabilities in ls/htmlchat.php in the VideoWhisper Live Streaming Integration plugin 4.25.3 and possibly earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) message parameter. NOTE: some of these details are obtained from third party information.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP # CVE-2014-4569
- CVE, Research URL
- Home page URL
-
Security reports for Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP
- Date
- Jul 01, 2014
- Research Description
- Cross-site scripting (XSS) vulnerability in ls/vv_login.php in the VideoWhisper Live Streaming Integration plugin 4.27.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the room_name parameter.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP # CVE-2024-12504
- CVE, Research URL
- Home page URL
-
Security reports for Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP
- Date
- Jan 23, 2025
- Research Description
- The Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_hls' shortcode in all versions up to, and including, 6.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP # CVE-2025-26753
- CVE, Research URL
- Home page URL
-
Security reports for Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP
- Date
- Feb 25, 2025
- Research Description
- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in videowhisper VideoWhisper Live Streaming Integration allows Path Traversal. This issue affects VideoWhisper Live Streaming Integration: from n/a through 6.2.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP # CVE-2025-26752
- CVE, Research URL
- Home page URL
-
Security reports for Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP
- Date
- Feb 25, 2025
- Research Description
- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in videowhisper VideoWhisper Live Streaming Integration allows Path Traversal. This issue affects VideoWhisper Live Streaming Integration: from n/a through 6.2.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP # CVE-2025-48255
- CVE, Research URL
- Home page URL
-
Security reports for Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP
- Date
- May 19, 2025
- Research Description
- Cross-Site Request Forgery (CSRF) vulnerability in videowhisper Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP allows Cross Site Request Forgery. This issue affects Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP: from n/a through 6.2.4.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable