Description
Improper Control of Generation of Code ('Code Injection') vulnerability in VideoWhisper.Com Broadcast Live Video allows Code Injection.

This issue affects Broadcast Live Video: from n/a before 7.1.3.
Published: 2026-05-25
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is an Improper Control of Generation of Code (CWE‑94) in the VideoWhisper.com Broadcast Live Video plugin, allowing an attacker to inject and execute arbitrary code within a WordPress site, potentially leading to full compromise of the affected installation.

Affected Systems

The affected product is the VideoWhisper.com Broadcast Live Video plugin. All versions prior to 7.1.3 are vulnerable, and the fix is included beginning with version 7.1.3 and later.

Risk and Exploitability

The CVSS score of 7.2 indicates a high severity impact from remote code execution. No EPSS exploitation probability data is available, and the issue is not listed in the CISA KEV catalog, suggesting that publicly documented exploits are not known. Based on the description, it is inferred that an attacker could leverage the flaw via the plugin’s broadcast functionality to inject malicious code, posing a serious risk to confidentiality, integrity, and availability of the WordPress site.

Generated by OpenCVE AI on May 25, 2026 at 23:50 UTC.

Remediation

Vendor Solution

Update the WordPress Broadcast Live Video Plugin to the latest available version (at least 7.1.3).

OpenCVE Recommended Actions

  • Update the Broadcast Live Video plugin to version 7.1.3 or later.
  • If an update cannot be applied immediately, deactivate and remove the plugin until the patch is applied.
  • Keep the WordPress core, themes, and other plugins up to date and regularly review security configurations to reduce overall risk.

Generated by OpenCVE AI on May 25, 2026 at 23:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 26 May 2026 11:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 25 May 2026 22:45:00 +0000

Type Values Removed Values Added
Description Improper Control of Generation of Code ('Code Injection') vulnerability in VideoWhisper.Com Broadcast Live Video allows Code Injection. This issue affects Broadcast Live Video: from n/a before 7.1.3.
Title WordPress Broadcast Live Video plugin < 7.1.3 - Remote Code Execution (RCE) vulnerability
Weaknesses CWE-94
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-26T10:51:22.482Z

Reserved: 2026-01-28T09:50:05.800Z

Link: CVE-2026-24937

cve-icon Vulnrichment

Updated: 2026-05-26T10:51:17.894Z

cve-icon NVD

Status : Received

Published: 2026-05-25T23:16:32.440

Modified: 2026-05-25T23:16:32.440

Link: CVE-2026-24937

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-26T00:00:13Z

Weaknesses