CVE-2023-25988
- EPSS 0.81%
- Veröffentlicht 13.12.2024 15:15:10
- Zuletzt bearbeitet 28.04.2026 19:19:54
Missing Authorization vulnerability in Video Gallery by Total-Soft Video Gallery – YouTube Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Video Gallery – YouTube Gallery: from n/a through 1.7.6.
CVE-2024-9769
- EPSS 0.3%
- Veröffentlicht 06.12.2024 04:15:05
- Zuletzt bearbeitet 09.07.2025 12:53:53
The Video Gallery – Best WordPress YouTube Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes...
CVE-2024-10247
- EPSS 0.51%
- Veröffentlicht 06.12.2024 04:15:04
- Zuletzt bearbeitet 09.07.2025 12:57:29
The Video Gallery – Best WordPress YouTube Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the orderby parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter...
CVE-2023-45069
- EPSS 0.55%
- Veröffentlicht 06.11.2023 09:15:08
- Zuletzt bearbeitet 29.04.2026 10:16:17
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Video Gallery by Total-Soft Video Gallery – Best WordPress YouTube Gallery Plugin allows SQL Injection.This issue affects Video Gallery – Best WordP...
CVE-2023-25979
- EPSS 0.37%
- Veröffentlicht 03.05.2023 14:15:32
- Zuletzt bearbeitet 21.11.2024 07:50:33
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Video Gallery by Total-Soft Video Gallery plugin <= 1.7.6 versions.