Platform: wordpress
Component: videowhisper-live-streaming-integration
Fixed in: 6.2.1
CVE-2025-26753 describes an Arbitrary File Access vulnerability within the Broadcast Live Video plugin for WordPress. This flaw, stemming from improper limitation of pathnames, allows attackers to potentially access sensitive files on the server. Versions of Broadcast Live Video from 0.0.0 up to and including 6.2 are affected. A patch has been released in version 6.2.1.
The Arbitrary File Access vulnerability allows an attacker to bypass intended access restrictions and read files from the server's file system. Successful exploitation could expose sensitive data such as configuration files, database credentials, or even source code. Depending on the files accessible, this could lead to complete system compromise. The attacker would need to craft a malicious URL containing path traversal sequences (e.g., ../) to access files outside the intended directory. This vulnerability shares similarities with other path traversal exploits, where attackers leverage directory traversal characters to navigate the file system.
CVE-2025-26753 was publicly disclosed on 2025-02-25. Currently, there are no known active campaigns targeting this vulnerability, and no public proof-of-concept exploits have been released. The vulnerability is not listed on the CISA KEV catalog at the time of this writing. The CVSS score of 7.5 (HIGH) indicates a significant potential for exploitation.
WordPress websites utilizing the Broadcast Live Video plugin, particularly those running older versions (0.0.0 - 6.2), are at risk. Shared hosting environments where WordPress installations have limited file system access controls are also at increased risk, as an attacker gaining access to one site could potentially exploit this vulnerability to access files on other sites hosted on the same server.
• wordpress / composer / npm:
grep -r "../" /var/www/html/videowhisper-live-streaming-integration/*
• generic web:
curl -I --path-as-is 'https://your-wordpress-site.com/videowhisper-live-streaming-integration/../../../../etc/passwd' # Check for file disclosure; --path-as-is stops curl from collapsing the ../ segments before the request is sent
Exploit status
EPSS: 0.19% (41st percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-26753 is to immediately upgrade the Broadcast Live Video plugin to version 6.2.1 or later. If upgrading is not immediately feasible due to compatibility issues or testing requirements, consider implementing a Web Application Firewall (WAF) rule to block requests containing path traversal sequences (e.g., ../, ..%2F). Additionally, restrict file permissions on sensitive directories to prevent unauthorized access. Monitor WordPress access logs for suspicious requests containing path traversal attempts.
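The log-monitoring step above is easy to get wrong if the scanner only looks for a literal `../`: the same traversal can arrive as `..%2F` or double-encoded as `%252e%252e%252f`. The script below is an added example, not part of this advisory or of the plugin's code, showing how a defender can scan combined-format access logs for traversal sequences after percent-decoding the request target to a fixed point, and how to separate attempts aimed at the plugin directory from the general background noise. The plugin slug comes from the advisory; the log lines, client addresses and the `f=` query parameter are constructed for illustration and say nothing about how the plugin actually accepts input.

```python
import re
from typing import Optional
from urllib.parse import unquote

# Plugin directory slug taken from the advisory. Everything below it is constructed.
PLUGIN_SLUG = "videowhisper-live-streaming-integration"

# Apache/nginx "combined" format: client, identity, user, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# "../" or "..\" anywhere in the *decoded* request target.
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")


def decode_fully(target: str, max_rounds: int = 3) -> str:
    """Percent-decode until the value stops changing, so that both
    single-encoded (..%2F) and double-encoded (%252e%252e%252f) traversal
    sequences collapse to a literal '../'. Bounded to avoid looping on junk."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def classify(line: str) -> Optional[dict]:
    """Return a finding for a log line carrying a traversal sequence, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    raw = m.group("target")
    decoded = decode_fully(raw)
    if not TRAVERSAL_RE.search(decoded):
        return None
    status = int(m.group("status"))
    return {
        "ip": m.group("ip"),
        "raw_target": raw,
        "decoded_target": decoded,
        "status": status,
        "in_plugin_path": PLUGIN_SLUG in decoded,   # aimed at this plugin's directory
        "encoded": decoded != raw,                  # traversal was hidden by URL encoding
        "served_2xx": 200 <= status < 300,          # server answered; needs a closer look
    }


def scan(log_text: str) -> list:
    """Scan a whole log and return only the lines that carry a traversal attempt."""
    return [f for f in (classify(l) for l in log_text.splitlines()) if f]


# Constructed sample traffic (not real log data). Line 1 is benign plugin use;
# lines 2-4 target the plugin directory with plain, encoded and double-encoded
# traversal; line 5 is traversal against an unrelated path.
SAMPLE_LOG = """\
203.0.113.10 - - [25/Feb/2025:10:00:01 +0000] "GET /wp-content/plugins/videowhisper-live-streaming-integration/index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.11 - - [25/Feb/2025:10:00:02 +0000] "GET /wp-content/plugins/videowhisper-live-streaming-integration/../../../../etc/passwd HTTP/1.1" 200 1403 "-" "curl/8.0"
203.0.113.12 - - [25/Feb/2025:10:00:03 +0000] "GET /wp-content/plugins/videowhisper-live-streaming-integration/?f=..%2F..%2Fwp-config.php HTTP/1.1" 200 2048 "-" "python-requests/2.31"
203.0.113.13 - - [25/Feb/2025:10:00:04 +0000] "GET /wp-content/plugins/videowhisper-live-streaming-integration/?f=%252e%252e%252fwp-config.php HTTP/1.1" 404 120 "-" "curl/8.0"
203.0.113.14 - - [25/Feb/2025:10:00:05 +0000] "GET /wp-content/plugins/other-plugin/../../index.php HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        scope = "PLUGIN" if f["in_plugin_path"] else "other"
        enc = "encoded" if f["encoded"] else "plain"
        print(f"{f['ip']:<14} {f['status']} {scope:<6} {enc:<7} {f['decoded_target']}")
```

A 2xx status on a flagged line is a triage hint, not proof of disclosure: WordPress commonly answers unknown paths with a 200 from `index.php`, so confirm against response sizes or the application's own logs before declaring a compromise. Matching on the decoded target rather than the raw one is what makes the `..%2F` variant named in the mitigation text visible to the same rule.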
Update the 'Broadcast Live Video' plugin to the latest available version to fix the directory traversal vulnerability. Check the plugin's page on WordPress.org for the most recent version and the update instructions. Make sure to back up your website before updating any plugin.
CVE-2025-26753 is a HIGH severity vulnerability allowing attackers to access files on a WordPress server through the Broadcast Live Video plugin. It affects versions 0.0.0–6.2 and has a CVSS score of 7.5.
If you are using Broadcast Live Video versions 0.0.0 through 6.2 on your WordPress site, you are potentially affected by this vulnerability. Check your plugin version immediately.
Upgrade the Broadcast Live Video plugin to version 6.2.1 or later to resolve this Arbitrary File Access vulnerability. Consider WAF rules as a temporary workaround if immediate upgrade is not possible.
As of now, there is no confirmed evidence of active exploitation, but the vulnerability's nature makes it a potential target. Monitor your systems closely.
Refer to the vendor's official website or WordPress plugin repository for the latest advisory and release notes regarding CVE-2025-26753.