CVE-2014-4570

Currently unrated

Key Information:

Vendor: Wordpress
Status: Video Presentation
Vendor: CVE Published:; 2 July 2014

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Video Presentation plugin before 3.31 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) room_name parameter to c_login.php or (2) room parameter to index.php in vp/.

References

http://codevigilant.com/disclosure/wp-plugin-videowhisper...

x_refsource_MISC

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

x_refsource_MISC

http://www.securityfocus.com/bid/69511

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Jul 2, 2014
Vulnerability Reserved
Jun 23, 2014