PatchSiren cyber security CVE debrief
CVE-2026-27053 VideoWhisper.com CVE debrief
CVE-2026-27053 is a critical vulnerability with a CVSS score of 9.8, affecting Broadcast Live Video plugin versions prior to 7.1.3. The vulnerability allows for unauthenticated PHP object injection. The CVE was published on 2026-06-15T21:16:40.640Z and last modified on 2026-06-15T21:24:32.790Z.
- Vendor
- VideoWhisper.com
- Product
- Broadcast Live Video
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of Broadcast Live Video plugin versions prior to 7.1.3 should be aware of this critical vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability is caused by an unauthenticated PHP object injection in Broadcast Live Video plugin versions prior to 7.1.3. This could allow an attacker to execute arbitrary PHP code.
Defensive priority
high
Recommended defensive actions
- Update Broadcast Live Video plugin to version 7.1.3 or later.
- Review and restrict access to sensitive areas of the plugin.
Evidence notes
The CVE was reported by Patchstack, as indicated by the reference [ref-4](https://patchstack.com/database/wordpress/plugin/videowhisper-live-streaming-integration/vulnerability/wordpress-broadcast-live-video-plugin-7-1-3-php-object-injection-vulnerability?_s_id=cve).
Official resources
-
CVE-2026-27053 CVE record
CVE.org
-
CVE-2026-27053 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-27053 was published on 2026-06-15T21:16:40.640Z and last modified on 2026-06-15T21:24:32.790Z.