Cross-Site Scripting Vulnerability in VideoWhisper Live Streaming Integration for WordPress
CVE-2014-1906

Currently unrated

Key Information:

Vendor: Wordpress
Status: Live Streaming Integration Plugin
Vendor: CVE Published:; 6 March 2014

What is CVE-2014-1906?

Multiple cross-site scripting (XSS) vulnerabilities exist in the VideoWhisper Live Streaming Integration plugin for WordPress. These vulnerabilities allow remote attackers to inject arbitrary web scripts or HTML into various parameters, including 'm' in lb_status.php, 'msg' in vc_chatlog.php, and several others across different components like channel.php, htmlchat.php, and video.php. Exploiting these XSS vulnerabilities could lead to unauthorized access and manipulation of user data or web application behavior.

References

http://packetstormsecurity.com/files/125454

x_refsource_MISC

https://www.htbridge.com/advisory/HTB23199

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/91477

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 6, 2014
Vulnerability Reserved
Feb 7, 2014

Wordpress

What is CVE-2014-1906?

References

Timeline