CVE-2014-1906

VideoWhisper Live Streaming Integration <4.29.5 - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-1906.

AI-analyzed exploit summary This advisory details multiple vulnerabilities in VideoWhisper Live Streaming Integration, including arbitrary file upload, XSS, and path traversal. It provides technical descriptions and PoC examples for each vulnerability, demonstrating the exploitation methods.

Description

Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) m parameter to lb_status.php; (2) msg parameter to vc_chatlog.php; n parameter to (3) channel.php, (4) htmlchat.php, (5) video.php, or (6) videotext.php; (7) message parameter to lb_logout.php; or ct parameter to (8) lb_status.php or (9) v_status.php in ls/.

Exploits (1)

exploitdb WRITEUP

webappsphp

https://www.exploit-db.com/exploits/31986

View Code ZIP pw:eip

This advisory details multiple vulnerabilities in VideoWhisper Live Streaming Integration, including arbitrary file upload, XSS, and path traversal. It provides technical descriptions and PoC examples for each vulnerability, demonstrating the exploitation methods.

Classification

Writeup 100%

Attack Type

Xss

Complexity

Moderate

Reliability

Reliable

Target: VideoWhisper Live Streaming Integration 4.27.3

No auth needed

Prerequisites: Access to the vulnerable web application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit x_refsource_misc

http://packetstormsecurity.com/files/125454

Exploit x_refsource_misc

https://www.htbridge.com/advisory/HTB23199

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/91477

Scores

EPSS 0.0451

EPSS Percentile 90.3%

Details

CWE

CWE-79

Status published

Products (11)

videowhisper/live_streaming_integration_plugin 4.27

videowhisper/live_streaming_integration_plugin 4.27.3

videowhisper/videowhisper_live_streaming_integration 1.0.2

videowhisper/videowhisper_live_streaming_integration 2.0

videowhisper/videowhisper_live_streaming_integration 2.1

videowhisper/videowhisper_live_streaming_integration 2.2

videowhisper/videowhisper_live_streaming_integration 4.05

videowhisper/videowhisper_live_streaming_integration 4.07

videowhisper/videowhisper_live_streaming_integration 4.25

videowhisper/videowhisper_live_streaming_integration 4.25.3

... and 1 more

Published Mar 06, 2014

Tracked Since Feb 18, 2026