Information Disclosure in VideoWhisper Live Streaming Integration for WordPress
CVE-2014-1908

Currently unrated

Key Information:

Vendor: Wordpress
Status: Videowhisper Live Streaming Integration
Vendor: CVE Published:; 29 December 2014

Summary

The VideoWhisper Live Streaming Integration plugin for WordPress has a flaw in its error-handling mechanism. This vulnerability allows remote attackers to exploit specific scripts, including bp.php, videowhisper_streaming.php, and ls/rtmp.inc.php. By sending direct requests, attackers can trigger error messages revealing sensitive information such as the full file path, which can potentially assist in further attacks against the affected system.

References

https://www.htbridge.com/advisory/HTB23199

x_refsource_MISC

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 29, 2014
Vulnerability Reserved
Feb 7, 2014