This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Videowhisper First view 2014-07-01
Product Videowhisper Live Streaming Integration Last view 2018-03-19
Version Type Application
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:videowhisper:videowhisper_live_streaming_integration:4.27.2:*:*:*:*:wordpress:*:* 3
cpe:2.3:a:videowhisper:videowhisper_live_streaming_integration:4.25:*:*:*:*:wordpress:*:* 3
cpe:2.3:a:videowhisper:videowhisper_live_streaming_integration:4.05:*:*:*:*:wordpress:*:* 3
cpe:2.3:a:videowhisper:videowhisper_live_streaming_integration:2.2:*:*:*:*:wordpress:*:* 3
cpe:2.3:a:videowhisper:videowhisper_live_streaming_integration:2.1:*:*:*:*:wordpress:*:* 3
cpe:2.3:a:videowhisper:videowhisper_live_streaming_integration:2.0:*:*:*:*:wordpress:*:* 3
cpe:2.3:a:videowhisper:videowhisper_live_streaming_integration:4.07:*:*:*:*:wordpress:*:* 3
cpe:2.3:a:videowhisper:videowhisper_live_streaming_integration:1.0.2:*:*:*:*:wordpress:*:* 3
cpe:2.3:a:videowhisper:videowhisper_live_streaming_integration:4.29.6:*:*:*:*:wordpress:*:* 1

Related : CVE

  Date Alert Description
6.1 2018-03-19 CVE-2014-2297

Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin 4.29.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to ls/htmlchat.php or (2) bgcolor parameter to ls/index.php. NOTE: vector 1 may overlap CVE-2014-1906.4.

5 2014-12-29 CVE-2014-1908

The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.

10 2014-12-29 CVE-2014-1905

Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and then accessing the file via a direct request to a wp-content/plugins/videowhisper-live-streaming-integration/ls/snapshots/ pathname, as demonstrated by a .php.jpg filename.

4.3 2014-07-01 CVE-2014-4569

Cross-site scripting (XSS) vulnerability in ls/vv_login.php in the VideoWhisper Live Streaming Integration plugin 4.27.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the room_name parameter.

CWE : Common Weakness Enumeration

%idName
50% (2) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
25% (1) CWE-200 Information Exposure
25% (1) CWE-77 Improper Sanitization of Special Elements used in a Command ('Comma...

ExploitDB Exploits

id Description
31986 Wordpress VideoWhisper 4.27.3 - Multiple Vulnerabilities

Snort® IPS/IDS

Date Description
2018-06-05 Wordpress VideoWhisper Live Streaming Integration plugin double extension fil...
RuleID : 46483 - Type : SERVER-WEBAPP - Revision : 2