CVE-2026-24937: WordPress Broadcast Live Video plugin < 7.1.3 - Remote Code Execution (RCE) vulnerability
Published May 25, 2026
·Updated
Improper Control of Generation of Code ('Code Injection') vulnerability in VideoWhisper.Com Broadcast Live Video allows Code Injection. This issue affects Broadcast Live Video: from n/a before 7.1.3.
Affected Software
1 affected component
VideoWhisper Broadcast Live Video<7.1.3
Remediation
Information
Update the WordPress Broadcast Live Video Plugin to the latest available version (at least 7.1.3).
Event History
May 25, 2026
CVE Published
via MITRE·10:13 PM
Data Sourced
via MITRE·10:13 PM
RemedyDescriptionSeverityWeakness
Frequently Asked Questions
1
What is the severity of CVE-2026-24937?
The severity of CVE-2026-24937 is rated as high with a score of 7.2.
2
What is CVE-2026-24937 about?
CVE-2026-24937 is a remote code execution vulnerability in the WordPress Broadcast Live Video plugin that allows code injection.
3
How do I fix CVE-2026-24937?
To fix CVE-2026-24937, update the WordPress Broadcast Live Video plugin to at least version 7.1.3.
4
What software does CVE-2026-24937 affect?
CVE-2026-24937 affects the VideoWhisper Broadcast Live Video plugin for WordPress.
5
When was CVE-2026-24937 published?
CVE-2026-24937 was published on May 25, 2026.