CVE-2014-1907
Multiple directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_login.php or (2) delete arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_logout.php.
View on NVDSeverity
N/A
EPSS
Probability of exploitation (next 30 days): 0.0801 (8.0%)
Percentile: 92.1%
EPSS: 2026-05-06
Affects
videowhisper:live_streaming_integration_pluginvideowhisper:videowhisper_live_streaming_integrationwordpress:wordpressTechnical description
Multiple directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_login.php or (2) delete arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_logout.php.
Published: 3/6/2014, 3:55:28 PM
Last modified: 5/6/2026, 10:30:45 PM