GCVE - cpe:2.3:a:videowhisper:videowhisper_live_streaming

Approved changes feed: RSS · Atom

cpe:2.3:a:videowhisper:videowhisper_live_streaming_integration:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Videowhisper (`3fa34018-7a89-5b29-a930-e9dcfd4be8ec`)
Product	Videowhisper Live Streaming Integration (`99f00bae-ff95-51b7-b80e-bcf7af574baa`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-48255`	vulnerable	2026-06-03 15:01:34.331156	WordPress Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP plugin <= 6.2.4 - Cross Site Request Forgery (CSRF) Vulnerability MEDIUM (4.3) Cross-Site Request Forgery (CSRF) vulnerability in videowhisper Broadcast Live Video videowhisper-live-streaming-integration allows Cross Site Request Forgery.This issue affects Broadcast Live Video: from n/a through <= 6.2.4. Published: 2025-05-19T14:44:59.186Z Updated: 2026-04-28T16:12:53.905Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/videowhisper-live-streaming-integration/vulnerability/wordpress-broadcast-live-video-live-streaming-webrtc-hls-rtsp-rtmp-6-2-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-12504`	vulnerable	2026-06-03 14:54:22.491136	Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP <= 6.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting MEDIUM (6.4) The Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_hls' shortcode in all versions up to, and including, 6.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: 2025-01-23T11:13:28.100Z Updated: 2026-04-08T17:01:13.178Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/74b27798-3c6f-4c4e-80f8-7aa40f704fb7?source=cve https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3218331%40videowhisper-live-streaming-integration&new=3218331%40videowhisper-live-streaming-integration&sfp_email=&sfph_mail=	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-25699`	vulnerable	2026-06-03 14:49:33.299139	WordPress VideoWhisper Live Streaming Integration plugin <= 5.5.15 - Remote Code Execution (RCE) CRITICAL (9) Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in VideoWhisper.Com VideoWhisper Live Streaming Integration allows OS Command Injection.This issue affects VideoWhisper Live Streaming Integration: from n/a through 5.5.15. Published: 2024-04-03T12:22:14.850Z Updated: 2026-04-28T16:08:09.593Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/videowhisper-live-streaming-integration/wordpress-broadcast-live-video-live-streaming-html5-webrtc-hls-rtsp-rtmp-plugin-5-5-15-remote-code-execution-rce?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-4569`	vulnerable	2026-06-03 14:34:03.688399	Details available Cross-site scripting (XSS) vulnerability in ls/vv_login.php in the VideoWhisper Live Streaming Integration plugin 4.27.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the room_name parameter. Published: 2014-07-01T14:00:00.000Z Updated: 2024-08-06T11:20:26.547Z Open on db.gcve.eu Reference links https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=833654%40videowhisper-live-streaming-integration&old=833649%40videowhisper-live-streaming-integration&sfp_email=&sfph_mail= http://codevigilant.com/disclosure/wp-plugin-videowhisper-live-streaming-integration-a3-cross-site-scripting-xss http://www.securityfocus.com/bid/68321	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-1908`	vulnerable	2026-06-03 14:33:48.966219	Details available The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message. Published: 2014-12-29T20:00:00.000Z Updated: 2024-08-06T09:58:15.562Z Open on db.gcve.eu Reference links https://www.htbridge.com/advisory/HTB23199	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-1905`	vulnerable	2026-06-03 14:33:48.954305	Details available Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and then accessing the file via a direct request to a wp-content/plugins/videowhisper-live-streaming-integration/ls/snapshots/ pathname, as demonstrated by a .php.jpg filename. Published: 2014-12-29T20:00:00.000Z Updated: 2024-08-06T09:58:15.551Z Open on db.gcve.eu Reference links https://www.htbridge.com/advisory/HTB23199	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Videowhisper Live Streaming Integration

PURL mappings

Vulnerability references

Contribute