VideoWhisper Video Presentation 3.25 – vp/c_login.php room_name Parameter Reflected XSS | CVE 2014-4570

Affects Plugins

videowhisper-video-presentation

Fixed in 3.31.2

References

CVE

CVE-2014-4570

URL

https://codevigilant.com/disclosure/wp-plugin-videowhisper-video-presentation-a3-cross-site-scripting-xss/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Submitter

pvdl

Verified

No

WPVDB ID

004d54e8-40fd-4b5a-bdb2-59c878220f42

Timeline

Publicly Published

2014-09-20 (about 11 years ago)

Added

2014-09-20 (about 11 years ago)

Last Updated

2019-10-21 (about 6 years ago)

Other

Published

Title

Published

2022-11-03

Title

Google Forms <= 0.95 - Admin+ Stored XSS

Published

2014-08-01

Title

LeagueManager <= 3.7 - wp-admin/admin.php Multiple Parameter XSS

Published

2024-05-07

Title

Form Maker by 10Web < 1.15.25 - Authenticated (Administrator+) Stored Cross-Site Scripting

Published

2025-05-07

Title

JupiterX Core < 4.8.12 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2024-09-30

Title

LA-Studio Element Kit for Elementor < 1.3.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting