Filtered by vendor Videowhisper
Subscriptions
Total
30 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-13584 | 1 Videowhisper | 1 Picture Gallery | 2025-01-24 | 6.4 Medium |
| The Picture Gallery – Frontend Image Uploads, AJAX Photo List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_pictures' shortcode in all versions up to, and including, 1.5.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-34759 | 1 Videowhisper | 1 Picture Gallery | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VideoWhisper Picture Gallery allows Stored XSS.This issue affects Picture Gallery: from n/a through 1.5.11. | ||||
| CVE-2022-27629 | 1 Videowhisper | 1 Micropayments | 2024-11-21 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in 'MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership' versions prior to 1.9.6 allows a remote unauthenticated attacker to hijack the authentication of an administrator and perform unintended operation via unspecified vectors. | ||||
| CVE-2021-24512 | 1 Videowhisper | 1 Video Posts Webcam Recorder | 2024-11-21 | 5.4 Medium |
| The Video Posts Webcam Recorder WordPress plugin before 3.2.4 has an authenticated reflected cross site scripting (XSS) vulnerability in one of the administrative functions for handling deletion of videos. | ||||
| CVE-2015-9272 | 1 Videowhisper | 1 Video Presentation | 2024-11-21 | N/A |
| The videowhisper-video-presentation plugin 3.31.17 for WordPress allows remote attackers to execute arbitrary code because vp/vw_upload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code. | ||||
| CVE-2015-9271 | 1 Videowhisper | 1 Video Conference | 2024-11-21 | N/A |
| The VideoWhisper videowhisper-video-conference-integration plugin 4.91.8 for WordPress allows remote attackers to execute arbitrary code because vc/vw_upload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code, a different vulnerability than CVE-2014-1905. | ||||
| CVE-2014-8338 | 1 Videowhisper | 1 Webcam | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in vwrooms/js/jsor-jcarousel/examples/special_textscroller.php in the VideoWhisper Webcam plugins for Drupal 7.x allows remote attackers to inject arbitrary web script or HTML via a URL to a crafted SVG file in the feed parameter. | ||||
| CVE-2014-4567 | 1 Videowhisper | 1 Video Comments Webcam Recorder | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in comments/videowhisper2/r_logout.php in the Video Comments Webcam Recorder plugin 1.55, as downloaded before 20140116 for WordPress allows remote attackers to inject arbitrary web script or HTML via the message parameter. | ||||
| CVE-2014-2297 | 1 Videowhisper | 1 Videowhisper Live Streaming Integration | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin 4.29.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to ls/htmlchat.php or (2) bgcolor parameter to ls/index.php. NOTE: vector 1 may overlap CVE-2014-1906.4. | ||||
| CVE-2024-49235 | 1 Videowhisper | 1 Contact Forms Live Support Crm Video Messages Plugin | 2024-10-18 | 7.5 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in VideoWhisper.Com Contact Forms, Live Support, CRM, Video Messages allows Retrieve Embedded Sensitive Data.This issue affects Contact Forms, Live Support, CRM, Video Messages: from n/a through 1.10.2. | ||||