wp-plugin : oleggo-livestream – A3-Cross-Site Scripting (XSS)


Plugin Details


Plugin Name : oleggo-livestream


Effected Version : 0.2.6 (and most probably lower version's if any)

Vulnerability : A3-Cross-Site Scripting (XSS)
Identified by : Prajal Kulkarni



Technical Details


Minimum Level of Access Required : Unauthenticated


PoC - (Proof of Concept) :




Vulnerable Parameter : msg



Disclosure Timeline


Vendor Contacted : 2014-01-21

Plugin Status : Closed
Public Disclosure : May 28, 2014
CVE Number : CVE-2014-4540

Plugin Description :
Oleggo LiveStream is a wordpress plugin that integrates video streaming, twitter and facebook to improve your streaming events.

Oleggo LiveStream can manage video streaming (from youtube, vimeo, ustream or whatever you want), plus you can add twitter hashtags search and facebook live streaming. Using these services you can create a great livestreaming event page.

Leave a Reply

Your email address will not be published. Required fields are marked *