CVE-2014-1908

Broadcast Live Video – Live Streaming < 4.29.5 - Full Path Disclosure

mediumExposure of Sensitive Information to an Unauthorized Actor

5.3

CVSS Score

5.3

CVSS Score

medium

Severity

4.29.5

Patched in

3617d

Time to patch

Description

The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.

CVSS Vector Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Low

Confidentiality

None

Integrity

None

Availability

Technical Details

Affected versions<4.29.5

PublishedFebruary 27, 2014

Last updatedJanuary 22, 2024

Affected pluginvideowhisper-live-streaming-integration

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/959846a3-0e57-4227-a52b-942b589596f0?source=api-prod

Check if your site is affected.

Run a free security audit to detect vulnerable plugins, outdated versions, and misconfigurations.

Run free audit Browse CVE database