Wp Plugin Videowhisper Video Presentation

Plugin Details

Plugin Name: wp-plugin : videowhisper-video-presentation
Effected Version : 3.25 (and most probably lower version's if any)
Vulnerability : Cross-Site Scripting (XSS)
Minimum Level of Access Required : Unauthenticated
CVE Number : CVE-2014-4570
Identified by : Anantshri
WPScan Reference URL

Disclosure Timeline

Technical Details

http://localhost/wp-content/plugins/videowhisper-video-presentation/vp/c_login.php?room_name=room_name’>

// & http://localhost/wp-content/plugins/videowhisper-video-presentation/vp/index.php?room=”/>

// &   Vulnerable Parameter : room, room_name   Trac Log : https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=839980%40videowhisper-video-presentation&old=600781%40videowhisper-video-presentation&sfp_email=&sfph_mail=#file4