Directory Traversal Vulnerabilities in VideoWhisper Live Streaming Integration for WordPress
CVE-2014-1907

Currently unrated

Key Information:

Vendor: Wordpress
Status: Live Streaming Integration Plugin
Vendor: CVE Published:; 6 March 2014

Summary

Multiple directory traversal vulnerabilities exist in the VideoWhisper Live Streaming Integration plugin for WordPress, specifically before version 4.29.5. These vulnerabilities enable remote attackers to exploit improperly validated input in the 's' parameter. By leveraging this flaw, attackers can read arbitrary files via a '../' sequence when accessing 'ls/rtmp_login.php', or they can delete arbitrary files by exploiting the same sequence when calling 'ls/rtmp_logout.php'. This presents significant security risks, including unauthorized data access and potential service disruption.

References

http://packetstormsecurity.com/files/125454

x_refsource_MISC

https://www.htbridge.com/advisory/HTB23199

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/91478

vdb-entryx_refsource_XF

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 6, 2014
Vulnerability Reserved
Feb 7, 2014