CVE-2025-48255: WordPress Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP plugin <= 6.2.4 - Cross Site Request Forgery (CSRF) Vulnerability
Published May 19, 2025
·Updated
Cross-Site Request Forgery (CSRF) vulnerability in videowhisper Broadcast Live Video videowhisper-live-streaming-integration allows Cross Site Request Forgery.This issue affects Broadcast Live Video: from n/a through <= 6.2.4.
Affected Software
2 affected components
WordPress Broadcast Live Video – Live Streaming<=6.2.4
VideoWhisper Videowhisper Live Streaming Integration Wordpress<=6.2.4
Remediation
Information
Update the WordPress Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP plugin to the latest available version (at least 6.2.5).
Event History
May 19, 2025
CVE Published
via MITRE·02:44 PM
Data Sourced
via MITRE·02:44 PM
DescriptionSeverityWeakness
Data Sourced
via NVD·03:15 PM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2025-48255?
CVE-2025-48255 is classified as a Cross-Site Request Forgery (CSRF) vulnerability.
2
How do I fix CVE-2025-48255?
To fix CVE-2025-48255, update the Broadcast Live Video – Live Streaming plugin to version 6.2.5 or later.
3
What software is affected by CVE-2025-48255?
CVE-2025-48255 affects the WordPress Broadcast Live Video – Live Streaming plugin versions up to 6.2.4.
4
What kind of attack does CVE-2025-48255 allow?
CVE-2025-48255 allows attackers to perform Cross-Site Request Forgery attacks on the affected plugin.
5
When was CVE-2025-48255 disclosed?
CVE-2025-48255 was disclosed recently and requires immediate attention to mitigate risks.