CVE-2023-25988
- EPSS 0.22%
- Veröffentlicht 13.12.2024 15:15:10
- Zuletzt bearbeitet 13.12.2024 15:15:10
Missing Authorization vulnerability in Video Gallery by Total-Soft Video Gallery – YouTube Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Video Gallery – YouTube Gallery: from n/a through 1.7.6.
CVE-2024-9769
- EPSS 0.24%
- Veröffentlicht 06.12.2024 04:15:05
- Zuletzt bearbeitet 09.07.2025 12:53:53
The Video Gallery – Best WordPress YouTube Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes...
CVE-2024-10247
- EPSS 0.93%
- Veröffentlicht 06.12.2024 04:15:04
- Zuletzt bearbeitet 09.07.2025 12:57:29
The Video Gallery – Best WordPress YouTube Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the orderby parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter...
CVE-2023-45069
- EPSS 0.21%
- Veröffentlicht 06.11.2023 09:15:08
- Zuletzt bearbeitet 26.02.2025 22:15:11
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Video Gallery by Total-Soft Video Gallery – Best WordPress YouTube Gallery Plugin allows SQL Injection.This issue affects Video Gallery – Best WordP...
CVE-2023-25979
- EPSS 0.08%
- Veröffentlicht 03.05.2023 14:15:32
- Zuletzt bearbeitet 21.11.2024 07:50:33
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Video Gallery by Total-Soft Video Gallery plugin <= 1.7.6 versions.