WordPress VideoWhisper Live Streaming Integration Plugin XSS Vulnerability

Summary
This host is installed with WordPress VideoWhisper Live Streaming Integration Plugin and is prone to cross-site scripting vulnerability.
Impact
Successful exploitation will allow remote attacker to execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. Impact Level: Application
Solution
Upgrade to version 4.27.3 or later. For updates refer http://wordpress.org/plugins/videowhisper-live-streaming-integration
Insight
Input passed via the 'room_name' GET parameter to ls/vv_login.php script is not properly sanitised before returning to the user.
Affected
WordPress VideoWhisper Live Streaming Integration Plugin version 4.27.2 and prior.
Detection
Send a crafted data via HTTP GET request and check whether it is able to read cookie or not.
References