Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

videowhisper — Vulnerabilities & Security Advisories 25

Browse all 25 CVE security advisories affecting videowhisper. AI-powered Chinese analysis, POCs, and references for each vulnerability.

VideoWhisper is a software provider specializing in video conferencing and remote collaboration solutions, primarily targeting enterprise and educational sectors. Security audits have identified twenty-five distinct Common Vulnerabilities and Exposures (CVEs) associated with its platform, indicating a significant historical attack surface. The most prevalent vulnerability classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and Privilege Escalation flaws. These defects often stem from inadequate input validation and improper access control mechanisms within the application’s web interface and API endpoints. Notable incidents involve attackers exploiting unpatched RCE vulnerabilities to gain unauthorized administrative access, leading to potential data exfiltration and service disruption. The company has released multiple patches to address these critical issues, yet the high volume of recorded CVEs suggests ongoing challenges in maintaining robust security hygiene across its product suite.

Top products by videowhisper: Video Share VOD – Turnkey Video Site Builder Script Paid Videochat Turnkey Site Broadcast Live Video Picture Gallery Picture Gallery – Frontend Image Uploads, AJAX Photo List MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet MicroPayments MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership Rate Star Review – AJAX Reviews for Content, with Star Ratings Contact Forms, Live Support, CRM, Video Messages Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP Rate Star Review Vote – AJAX Reviews, Votes, Star Ratings Video Share VOD Paid Videochat Turnkey Site – HTML5 PPV Live Webcams
CVE IDTitleCVSSSeverityPublished
CVE-2025-8899 Paid Videochat Turnkey Site – HTML5 PPV Live Webcams <= 7.3.20 - Authenticated (Author+) Privilege Escalation — Paid Videochat Turnkey Site – HTML5 PPV Live WebcamsCWE-269 8.8 High2026-03-07
CVE-2025-13727 Video Share VOD <= 2.7.11 - Authenticated (Editor+) Stored Cross-Site Scripting via Custom Field Meta Values — Video Share VOD – Turnkey Video Site Builder ScriptCWE-79 4.4 Medium2026-02-18
CVE-2025-62959 WordPress Paid Videochat Turnkey Site plugin <= 7.3.23 - Remote Code Execution (RCE) vulnerability — Paid Videochat Turnkey SiteCWE-94 9.1 Critical2025-10-27
CVE-2025-7812 Video Share VOD – Turnkey Video Site Builder Script <= 2.7.6 - Cross-Site Request Forgery to Command Injection — Video Share VOD – Turnkey Video Site Builder ScriptCWE-352 8.8 High2025-08-28
CVE-2025-5937 MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet <= 3.2.0 - Cross-Site Request Forgery to Settings Reset — MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, WalletCWE-352 4.3 Medium2025-06-28
CVE-2025-48255 WordPress Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP plugin <= 6.2.4 - Cross Site Request Forgery (CSRF) Vulnerability — Broadcast Live VideoCWE-352 4.3 Medium2025-05-19
CVE-2025-31380 WordPress Paid Videochat Turnkey Site plugin <= 7.3.11 - Broken Authentication Vulnerability — Paid Videochat Turnkey SiteCWE-640 9.8 Critical2025-04-17
CVE-2025-31075 WordPress MicroPayments plugin <= 2.9.29 - Cross Site Scripting (XSS) vulnerability — MicroPaymentsCWE-80 6.5 Medium2025-03-28
CVE-2025-26581 WordPress Picture Gallery plugin <= 1.6.3 - CSRF to Stored XSS vulnerability — Picture GalleryCWE-79 7.1 High2025-03-26
CVE-2025-26583 WordPress Video Share VOD plugin <= 2.7.9 - Reflected Cross-Site Scripting vulnerability — Video Share VODCWE-79 7.1 High2025-03-26
CVE-2025-26579 WordPress MicroPayments Paid Membership plugin <= 3.2.4 - Reflected Cross-Site Scripting vulnerability — MicroPaymentsCWE-79 7.1 High2025-03-26
CVE-2025-26753 WordPress VideoWhisper Live Streaming Integration plugin <= 6.2 - Arbitrary File Download vulnerability — Broadcast Live VideoCWE-22 7.5 High2025-02-25
CVE-2025-26752 WordPress VideoWhisper Live Streaming Integration plugin <= 6.2 - Arbitrary File Deletion vulnerability — Broadcast Live VideoCWE-22 8.6 High2025-02-25
CVE-2025-22663 WordPress Paid Videochat Turnkey Site plugin <= 7.2.12 - Arbitrary File Deletion vulnerability — Paid Videochat Turnkey SiteCWE-22 8.6 High2025-02-18
CVE-2024-12504 Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP <= 6.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting — Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMPCWE-79 6.4 Medium2025-01-23
CVE-2024-13584 Picture Gallery – Frontend Image Uploads, AJAX Photo List <= 1.5.19 - Authenticated (Contributor+) Stored Cross-Site Scripting — Picture Gallery – Frontend Image Uploads, AJAX Photo ListCWE-79 6.4 Medium2025-01-22
CVE-2024-13392 Rate Star Review Vote – AJAX Reviews, Votes, Star Ratings <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Rate Star Review Vote – AJAX Reviews, Votes, Star RatingsCWE-79 6.4 Medium2025-01-18
CVE-2024-13393 Video Share VOD – Turnkey Video Site Builder Script <= 2.6.31 - Authenticated (Contributor+) Stored Cross-Site Scripting — Video Share VOD – Turnkey Video Site Builder ScriptCWE-79 6.4 Medium2025-01-18
CVE-2024-12696 Picture Gallery – Frontend Image Uploads, AJAX Photo List <= 1.5.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via videowhisper_picture_upload_guest Shortcode — Picture Gallery – Frontend Image Uploads, AJAX Photo ListCWE-79 6.4 Medium2025-01-18
CVE-2024-13391 MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Tokens Wallet <= 2.9.29 - Authenticated (Contributor+) Stored Cross-Site Scripting — MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, WalletCWE-79 6.4 Medium2025-01-18
CVE-2024-12449 Video Share VOD – Turnkey Video Site Builder Script <= 2.6.30 - Authenticated (Contributor+) Stored Cross-Site Scripting — Video Share VOD – Turnkey Video Site Builder ScriptCWE-79 6.4 Medium2024-12-18
CVE-2024-49235 WordPress Contact Forms, Live Support, CRM, Video Messages plugin <= 1.10.2 - Sensitive Data Exposure vulnerability — Contact Forms, Live Support, CRM, Video MessagesCWE-201 7.5 High2024-10-17
CVE-2024-34759 WordPress Picture Gallery plugin <= 1.5.11 - Cross Site Scripting (XSS) vulnerability — Picture GalleryCWE-79 6.5 Medium2024-06-04
CVE-2023-52213 WordPress Rate Star Review Plugin <= 1.5.1 is vulnerable to Cross Site Scripting (XSS) — Rate Star Review – AJAX Reviews for Content, with Star RatingsCWE-79 7.1 High2024-01-08
CVE-2022-27629 WordPress Plugin MicroPayments 跨站请求伪造漏洞 — MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership 8.8 -2022-04-20

This page lists every published CVE security advisory associated with videowhisper. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.