Cross-Site Scripting Vulnerabilities in VideoWhisper Video Presentation Plugin by WordPress
CVE-2014-4570

Currently unrated

Key Information:

Vendor: Wordpress
Status: Video Presentation
Vendor: CVE Published:; 2 July 2014

Summary

The VideoWhisper Video Presentation plugin for WordPress contains multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web scripts or HTML. These vulnerabilities can be exploited through the 'room_name' parameter in c_login.php and the 'room' parameter in index.php, potentially leading to unauthorized actions and compromising user data.

References

http://codevigilant.com/disclosure/wp-plugin-videowhisper...

x_refsource_MISC

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

x_refsource_MISC

http://www.securityfocus.com/bid/69511

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Jul 2, 2014
Vulnerability Reserved
Jun 23, 2014