Vulnerabilities > Videowhisper > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-04 | CVE-2024-34759 | Cross-site Scripting vulnerability in Videowhisper Picture Gallery Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VideoWhisper Picture Gallery allows Stored XSS.This issue affects Picture Gallery: from n/a through 1.5.11. | 5.4 |
| 2024-01-08 | CVE-2023-52213 | Cross-site Scripting vulnerability in Videowhisper Rate Star Review Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VideoWhisper Rate Star Review – AJAX Reviews for Content, with Star Ratings allows Reflected XSS.This issue affects Rate Star Review – AJAX Reviews for Content, with Star Ratings: from n/a through 1.5.1. | 6.1 |
| 2022-04-20 | CVE-2022-27629 | Cross-Site Request Forgery (CSRF) vulnerability in Videowhisper Micropayments Cross-site request forgery (CSRF) vulnerability in 'MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership' versions prior to 1.9.6 allows a remote unauthenticated attacker to hijack the authentication of an administrator and perform unintended operation via unspecified vectors. | 6.8 |
| 2021-08-16 | CVE-2021-34656 | Cross-site Scripting vulnerability in Videowhisper 2Way Videocalls and Random Chat 5.2.7 The 2Way VideoCalls and Random Chat - HTML5 Webcam Videochat WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `vws_notice` function found in the ~/inc/requirements.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 5.2.7. | 4.3 |
| 2020-01-31 | CVE-2014-8338 | Cross-site Scripting vulnerability in Videowhisper Webcam 7.X1.7 Cross-site scripting (XSS) vulnerability in vwrooms/js/jsor-jcarousel/examples/special_textscroller.php in the VideoWhisper Webcam plugins for Drupal 7.x allows remote attackers to inject arbitrary web script or HTML via a URL to a crafted SVG file in the feed parameter. | 4.3 |
| 2019-12-27 | CVE-2014-4567 | Cross-site Scripting vulnerability in Videowhisper Video Comments Webcam Recorder 1.45/1.45.2/1.55 Cross-site scripting (XSS) vulnerability in comments/videowhisper2/r_logout.php in the Video Comments Webcam Recorder plugin 1.55, as downloaded before 20140116 for WordPress allows remote attackers to inject arbitrary web script or HTML via the message parameter. | 4.3 |
| 2018-03-19 | CVE-2014-2297 | Cross-site Scripting vulnerability in Videowhisper Live Streaming Integration 4.29.6 Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin 4.29.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to ls/htmlchat.php or (2) bgcolor parameter to ls/index.php. | 4.3 |
| 2014-12-29 | CVE-2014-1908 | Information Exposure vulnerability in Videowhisper Live Streaming Integration The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message. | 5.0 |
| 2014-07-02 | CVE-2014-4570 | Cross-Site Scripting vulnerability in Videowhisper Video Presentation 3.25 Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Video Presentation plugin before 3.31 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) room_name parameter to c_login.php or (2) room parameter to index.php in vp/. | 4.3 |
| 2014-07-02 | CVE-2014-4568 | Cross-Site Scripting vulnerability in Videowhisper Video Posts Webcam Recorder 1.55.4 Cross-site scripting (XSS) vulnerability in posts/videowhisper/r_logout.php in the Video Posts Webcam Recorder plugin 1.55.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the message parameter. | 4.3 |