CVE-2014-1905

WordPress VideoWhisper Live Streaming Integration <4.29.5 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-1905.

AI-analyzed exploit summary This advisory details multiple vulnerabilities in VideoWhisper Live Streaming Integration, including arbitrary file upload (CVE-2014-1905), XSS (CVE-2014-1906), and path traversal (CVE-2014-1907). It provides technical descriptions, PoC examples, and affected endpoints but does not include functional exploit code.

Description

Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and then accessing the file via a direct request to a wp-content/plugins/videowhisper-live-streaming-integration/ls/snapshots/ pathname, as demonstrated by a .php.jpg filename.

Exploits (1)

exploitdb WRITEUP
webappsphp
https://www.exploit-db.com/exploits/31986

This advisory details multiple vulnerabilities in VideoWhisper Live Streaming Integration, including arbitrary file upload (CVE-2014-1905), XSS (CVE-2014-1906), and path traversal (CVE-2014-1907). It provides technical descriptions, PoC examples, and affected endpoints but does not include functional exploit code.

Classification
Writeup 95%
Attack Type
Other
Complexity
Moderate
Reliability
Theoretical
Target: VideoWhisper Live Streaming Integration 4.27.3 and prior
No auth needed
Prerequisites: Access to vulnerable endpoint · Web server misconfiguration for .jpg mime-type handling
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

EPSS 0.1036
EPSS Percentile 95.1%

Details

CWE
CWE-77
Status published
Products (1)
videowhisper/videowhisper_live_streaming_integration < 4.27.4
Published Dec 29, 2014
Tracked Since Feb 18, 2026