Cross-Site Scripting Vulnerability in VideoWhisper Live Streaming Integration for WordPress
CVE-2014-4569

Currently unrated

Key Information:

Vendor: Wordpress
Status: Videowhisper Live Streaming Integration
Vendor: CVE Published:; 1 July 2014

Summary

A cross-site scripting (XSS) vulnerability exists in the ls/vv_login.php file of the VideoWhisper Live Streaming Integration plugin for WordPress, specifically in versions 4.27.2 and earlier. This issue allows remote attackers to potentially inject arbitrary web scripts or HTML through the room_name parameter, jeopardizing the security and integrity of the affected WordPress installations. Attackers exploiting this vulnerability could execute harmful scripts in users' browsers, leading to data breaches or unauthorized actions.

References

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

x_refsource_CONFIRM

http://codevigilant.com/disclosure/wp-plugin-videowhisper...

x_refsource_MISC

http://www.securityfocus.com/bid/68321

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Jul 1, 2014
Vulnerability Reserved
Jun 23, 2014