wp-plugin : videowhisper-video-presentation – A3-Cross-Site Scripting (XSS)

 

Plugin Details

 

Plugin Name : videowhisper-video-presentation

 

Affected Version : 3.25 (and most probably lower versions, if any)

 
Vulnerability : A3-Cross-Site Scripting (XSS)
 
Identified by : Anant Shrivastava

 

 

Technical Details

 

Minimum Level of Access Required : Unauthenticated

 

PoC - (Proof of Concept) :

 

http://localhost/wp-content/plugins/videowhisper-video-presentation/vp/c_login.php?room_name=room_name'>

http://localhost/wp-content/plugins/videowhisper-video-presentation/vp/index.php?room="/>

Vulnerable Parameter : room, room_name

Trac Log : https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=839980%40videowhisper-video-presentation&old=600781%40videowhisper-video-presentation&sfp_email=&sfph_mail=#file4

 

Disclosure Timeline

 

Vendor Contacted : 2014-01-15

 
Plugin Status : Updated on 2014-01-16
 
Public Disclosure : 2014-06-12
 
CVE Number : CVE-2014-4570

 
Plugin Description :
 
VideoWhisper Video Consultation is a web based video communication solution designed for online video consultations, interactive live presentations, trainings, webinars, coaching and online collaboration.

* Easy install and update as WordPress plugin
* Widget with online rooms
* Configurable landing room: lobby/personal
* BuddyPress group rooms
* Control access by roles, ID, email, BP Group
* Membership site ready
* Transcoding for iOS HTML5 HLS
* Presentation post type (to easily control access per room)
* Frontend room management
* Setup paid rooms with myCred integration

**Moderators** control what participant is displayed on main screen (speaker) and can also add an additional participant (inquirer) to ask questions or assist.
Selected roles can create free/paid rooms and are automatically moderators of these rooms.

**Participants** can change their public status (i.e. request to speak), upload and download room files, text and video chat depending on setup permissions.

This plugin uses the WordPress username to log in existing users. From the plugin settings the WordPress admin can configure who will be able to use this (everybody, site members, user list).

Includes a widget that displays active rooms (with number of participants) and presentation access link.
A Video Presentation page is added to the website and can be disabled from settings.

There is a **settings** page with multiple parameters and permissions (what users can access - all, only members, predefined list of users and roles). Can be used to setup membership sites.

**BuddyPress** integration: If BuddyPress is installed this will add a Video Presentation tab to the group, where users can video chat and watch the presentations realtime in group room.
Only group admins have moderator and presentation privileges.

**Transcoding**: If enabled, the moderator can transcode the video of any participant as the room video that is shown when the room is accessed from iOS.

Special requirements: This plugin has requirements beyond regular WordPress hosting specifications: an RTMP host is needed for the persistent connections that manage live interactions and streaming. More details about this, including solutions, are provided on the Installation section pages.
