Path Traversal Vulnerability in VideoWhisper Live Streaming Integration by VideoWhisper
CVE-2025-26753

7.5HIGH

Key Information:

Vendor: WordPress
Status: Videowhisper Live Streaming Integration
Vendor: CVE Published:; 25 February 2025

Summary

A path traversal vulnerability exists in the VideoWhisper Live Streaming Integration, allowing unauthorized access to restricted directories. This flaw can be exploited to read sensitive files on the server, posing significant security risks. The affected versions range from n/a through 6.2, necessitating immediate attention to protect data integrity and privacy. Users are advised to implement mitigations and update to the latest version to safeguard against potential exploits.

Affected Version(s)

VideoWhisper Live Streaming Integration <= 6.2

References

https://patchstack.com/database/wordpress/plugin/videowhi...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 25, 2025
Vulnerability Reserved
Feb 14, 2025

Credit

muhammad yudha (Patchstack Alliance)