CVE-2025-62959: WordPress Paid Videochat Turnkey Site plugin <= 7.3.23 - Remote Code Execution (RCE) vulnerability
Published Oct 27, 2025
·Updated
Improper Control of Generation of Code ('Code Injection') vulnerability in videowhisper Paid Videochat Turnkey Site ppv-live-webcams allows Remote Code Inclusion.This issue affects Paid Videochat Turnkey Site: from n/a through <= 7.3.23.
Affected Software
1 affected component
VideoWhisper Paid Videochat Turnkey Site (WordPress plugin)<=7.3.23
Event History
Oct 27, 2025
CVE Published
via MITRE·01:34 AM
Data Sourced
via MITRE·01:34 AM
DescriptionSeverityWeakness
Data Sourced
via NVD·02:15 AM
DescriptionSeverityWeakness
Frequently Asked Questions
1
What is the severity of CVE-2025-62959?
CVE-2025-62959 has a high severity level due to the potential for remote code execution.
2
How do I fix CVE-2025-62959?
To fix CVE-2025-62959, update the Videowhisper Paid Videochat Turnkey Site to version 7.3.23 or later.
3
What versions of the software are affected by CVE-2025-62959?
CVE-2025-62959 affects Videowhisper Paid Videochat Turnkey Site versions up to and including 7.3.22.
4
What kind of vulnerability is CVE-2025-62959?
CVE-2025-62959 is categorized as a code injection vulnerability, specifically allowing remote code inclusion.
5
Who is the vendor of the software related to CVE-2025-62959?
The vendor of the affected software for CVE-2025-62959 is Videowhisper.