Vulnerabilities > Videowhisper

DATE CVE VULNERABILITY TITLE RISK
2021-08-16 CVE-2021-34656 Cross-site Scripting vulnerability in Videowhisper 2Way Videocalls and Random Chat 5.2.7
The 2Way VideoCalls and Random Chat - HTML5 Webcam Videochat WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `vws_notice` function found in the ~/inc/requirements.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 5.2.7.
4.3
2021-08-16 CVE-2021-24512 Cross-site Scripting vulnerability in Videowhisper Video Posts Webcam Recorder 1.55.4
The Video Posts Webcam Recorder WordPress plugin before 3.2.4 has an authenticated reflected cross site scripting (XSS) vulnerability in one of the administrative functions for handling deletion of videos.
3.5
2020-01-31 CVE-2014-8338 Cross-site Scripting vulnerability in Videowhisper Webcam 7.X1.7
Cross-site scripting (XSS) vulnerability in vwrooms/js/jsor-jcarousel/examples/special_textscroller.php in the VideoWhisper Webcam plugins for Drupal 7.x allows remote attackers to inject arbitrary web script or HTML via a URL to a crafted SVG file in the feed parameter.
4.3
2019-12-27 CVE-2014-4567 Cross-site Scripting vulnerability in Videowhisper Video Comments Webcam Recorder 1.45/1.45.2/1.55
Cross-site scripting (XSS) vulnerability in comments/videowhisper2/r_logout.php in the Video Comments Webcam Recorder plugin 1.55, as downloaded before 20140116 for WordPress allows remote attackers to inject arbitrary web script or HTML via the message parameter.
4.3
2018-10-05 CVE-2015-9272 Code Injection vulnerability in Videowhisper Video Presentation 3.31.17
The videowhisper-video-presentation plugin 3.31.17 for WordPress allows remote attackers to execute arbitrary code because vp/vw_upload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code.
network
low complexity
videowhisper CWE-94
7.5
2018-10-04 CVE-2015-9271 Unrestricted Upload of File with Dangerous Type vulnerability in Videowhisper Video Conference 4.91.8
The VideoWhisper videowhisper-video-conference-integration plugin 4.91.8 for WordPress allows remote attackers to execute arbitrary code because vc/vw_upload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code, a different vulnerability than CVE-2014-1905.
network
low complexity
videowhisper CWE-434
7.5
2018-03-19 CVE-2014-2297 Cross-site Scripting vulnerability in Videowhisper Live Streaming Integration 4.29.6
Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin 4.29.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to ls/htmlchat.php or (2) bgcolor parameter to ls/index.php.
4.3
2014-12-29 CVE-2014-1908 Information Exposure vulnerability in Videowhisper Live Streaming Integration
The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.
network
low complexity
videowhisper CWE-200
5.0
2014-12-29 CVE-2014-1905 Command Injection vulnerability in Videowhisper Live Streaming Integration
Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and then accessing the file via a direct request to a wp-content/plugins/videowhisper-live-streaming-integration/ls/snapshots/ pathname, as demonstrated by a .php.jpg filename.
network
low complexity
videowhisper CWE-77
critical
10.0
2014-07-02 CVE-2014-4570 Cross-Site Scripting vulnerability in Videowhisper Video Presentation 3.25
Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Video Presentation plugin before 3.31 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) room_name parameter to c_login.php or (2) room parameter to index.php in vp/.
4.3