5 matches found
CVE-2015-9272
The videowhisper-video-presentation plugin 3.31.17 for WordPress allows remote attackers to execute arbitrary code because vp/vwupload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code...
Input validation
The videowhisper-video-presentation plugin 3.31.17 for WordPress allows remote attackers to execute arbitrary code because vp/vwupload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code...
CVE-2015-9272
The videowhisper-video-presentation plugin 3.31.17 for WordPress allows remote attackers to execute arbitrary code because vp/vwupload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code...
WordPress VideoWhisper Video Presentation Plugin Arbitrary File Download Vulnerability
WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL.VideoWhisper Video Presentation is a video communication plugin. A security vulnerability in the WordPress VideoWhisper Video Presentation plugin allows remote...
CVE-2014-4570
CVE-2014-4570 affects the VideoWhisper Video Presentation WordPress plugin (pre-3.31). Vulnerability: cross-site scripting (XSS) allowing remote attackers to inject arbitrary script/HTML via the room_name parameter to c_login.php or the room parameter to index.php in vp/. Impact: XSS with network...