Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 18.0%.
Command Injection
WordPress
PHP
File Upload
Videowhisper Live Streaming Integration
NVD
Exploit-DB
CVSS 2.0
10.0
EPSS
18.0%
Threat
4.0