CVE-2023-25699 – WordPress VideoWhisper Live Streaming Integration plugin <= 5.5.15 - Remote Code Execution (RCE)

https://notcve.org/view.php?id=CVE-2023-25699

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in VideoWhisper.Com VideoWhisper Live Streaming Integration allows OS Command Injection.This issue affects VideoWhisper Live Streaming Integration: from n/a through 5.5.15. La neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo ('inyección de comando del sistema operativo') en VideoWhisper.Com VideoWhisper Live Streaming Integration permite la inyección de comandos del sistema operativo. Este problema afecta la integración de transmisión en vivo de VideoWhisper: desde n/a hasta 5.5.15. The Live Streaming - Broadcast Live Video Plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 5.5.15. This allows unauthenticated attackers to execute code on the server. • https://patchstack.com/database/vulnerability/videowhisper-live-streaming-integration/wordpress-broadcast-live-video-live-streaming-html5-webrtc-hls-rtsp-rtmp-plugin-5-5-15-remote-code-execution-rce?_s_id=cve • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •