What is CVE-2025-26753 — Arbitrary File Access in Broadcast Live Video?

CVE-2025-26753 is a HIGH severity vulnerability allowing attackers to access files on a WordPress server through the Broadcast Live Video plugin. It affects versions 0.0.0–6.2 and has a CVSS score of 7.5.

Am I affected by CVE-2025-26753 in Broadcast Live Video?

If you are using Broadcast Live Video versions 0.0.0 through 6.2 on your WordPress site, you are potentially affected by this vulnerability. Check your plugin version immediately.

How do I fix CVE-2025-26753 in Broadcast Live Video?

Upgrade the Broadcast Live Video plugin to version 6.2.1 or later to resolve this Arbitrary File Access vulnerability. Consider WAF rules as a temporary workaround if immediate upgrade is not possible.

Is CVE-2025-26753 being actively exploited?

As of now, there is no confirmed evidence of active exploitation, but the vulnerability's nature makes it a potential target. Monitor your systems closely.

Where can I find the official Broadcast Live Video advisory for CVE-2025-26753?

Refer to the vendor's official website or WordPress plugin repository for the latest advisory and release notes regarding CVE-2025-26753.

CVE-2025-26753 — Vulnerability Details

NEXTGUARD

Gratis scannen

CVE-2025-26753 — Vulnerability Details | NextGuard

Detectiestappenwordt vertaald…

• wordpress / composer / npm:

grep -r "../" /var/www/html/videowhisper-live-streaming-integration/*

• generic web:

curl -I 'https://your-wordpress-site.com/videowhisper-live-streaming-integration/../../../../etc/passwd' # Check for file disclosure

WordPress VideoWhisper Live Streaming Integration plugin <= 6.2 - Arbitrair File Download kwetsbaarheid

Impact en Aanvalsscenarios

Uitbuitingscontext

Wie Loopt Risicowordt vertaald…

Detectiestappenwordt vertaald…

Aanvalstijdlijn

Dreigingsinformatie

Getroffen Software

Zwakheidsclassificatie (CWE)

Tijdlijn

Mitigatie en Workarounds

Hoe te verhelpenwordt vertaald…

CVE Beveiligingsnieuwsbrief

Veelgestelde vragenwordt vertaald…

What is CVE-2025-26753 — Arbitrary File Access in Broadcast Live Video?

Am I affected by CVE-2025-26753 in Broadcast Live Video?

How do I fix CVE-2025-26753 in Broadcast Live Video?

Is CVE-2025-26753 being actively exploited?

Where can I find the official Broadcast Live Video advisory for CVE-2025-26753?

Pakketinformatie

Is jouw project getroffen?

Detecteer deze CVE in je project