GCVE - cpe:2.3:a:videowhisper:broadcast_live_video_–_live_streaming_:_webrtc,_hls,_rtsp,

Approved changes feed: RSS · Atom

cpe:2.3:a:videowhisper:broadcast_live_video_–_live_streaming_:_webrtc,_hls,_rtsp,_rtmp:*:*:*:*:*:*:*:*

part: a version: _webrtc,_hls,_rtsp,_rtmp update: *

Vendor	Videowhisper (`3fa34018-7a89-5b29-a930-e9dcfd4be8ec`)
Product	Broadcast Live Video – Live Streaming (`c8834060-4443-53db-ad14-61cfb6592d1d`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-48255`	vulnerable	2026-06-03 15:01:34.332057	WordPress Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP plugin <= 6.2.4 - Cross Site Request Forgery (CSRF) Vulnerability MEDIUM (4.3) Cross-Site Request Forgery (CSRF) vulnerability in videowhisper Broadcast Live Video videowhisper-live-streaming-integration allows Cross Site Request Forgery.This issue affects Broadcast Live Video: from n/a through <= 6.2.4. Published: 2025-05-19T14:44:59.186Z Updated: 2026-04-28T16:12:53.905Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/videowhisper-live-streaming-integration/vulnerability/wordpress-broadcast-live-video-live-streaming-webrtc-hls-rtsp-rtmp-6-2-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-12504`	vulnerable	2026-06-03 14:54:22.490183	Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP <= 6.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting MEDIUM (6.4) The Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_hls' shortcode in all versions up to, and including, 6.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: 2025-01-23T11:13:28.100Z Updated: 2026-04-08T17:01:13.178Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/74b27798-3c6f-4c4e-80f8-7aa40f704fb7?source=cve https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3218331%40videowhisper-live-streaming-integration&new=3218331%40videowhisper-live-streaming-integration&sfp_email=&sfph_mail=	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Broadcast Live Video – Live Streaming

PURL mappings

Vulnerability references

Contribute