Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Videowhisper Subscribe
Filtered by product Videowhisper Live Streaming Integration
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-25699 1 Videowhisper 1 Videowhisper Live Streaming Integration 2025-04-15 N/A 9.0 CRITICAL
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in VideoWhisper.Com VideoWhisper Live Streaming Integration allows OS Command Injection.This issue affects VideoWhisper Live Streaming Integration: from n/a through 5.5.15.
CVE-2014-1908 1 Videowhisper 1 Videowhisper Live Streaming Integration 2025-04-12 5.0 MEDIUM N/A
The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.
CVE-2014-1905 1 Videowhisper 1 Videowhisper Live Streaming Integration 2025-04-12 10.0 HIGH N/A
Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and then accessing the file via a direct request to a wp-content/plugins/videowhisper-live-streaming-integration/ls/snapshots/ pathname, as demonstrated by a .php.jpg filename.
CVE-2014-4569 1 Videowhisper 1 Videowhisper Live Streaming Integration 2025-04-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in ls/vv_login.php in the VideoWhisper Live Streaming Integration plugin 4.27.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the room_name parameter.
CVE-2014-2297 1 Videowhisper 1 Videowhisper Live Streaming Integration 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin 4.29.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to ls/htmlchat.php or (2) bgcolor parameter to ls/index.php. NOTE: vector 1 may overlap CVE-2014-1906.4.