Plugins360

All-in-one Video Gallery

11 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2026-1706

  • EPSS 0.09%
  • Veröffentlicht 04.03.2026 09:24:30
  • Zuletzt bearbeitet 04.03.2026 18:08:05

The All-in-One Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'vi' parameter in all versions up to, and including, 4.7.1 due to insufficient input sanitization and output escaping. This makes it possible fo...

4.3

CVE-2025-15516

  • EPSS 0.03%
  • Veröffentlicht 24.01.2026 08:26:33
  • Zuletzt bearbeitet 26.01.2026 15:03:33

The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_callback_store_user_meta() function in versions 4.1.0 to 4.6.4. This makes it possible for authenticate...

6.5

CVE-2025-14947

  • EPSS 0.04%
  • Veröffentlicht 23.01.2026 17:26:06
  • Zuletzt bearbeitet 26.01.2026 15:03:33

The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `ajax_callback_create_bunny_stream_video`, `ajax_callback_get_bunny_stream_video`, and `ajax_callback_delete...

8.8

CVE-2025-12957

  • EPSS 0.05%
  • Veröffentlicht 16.01.2026 04:44:35
  • Zuletzt bearbeitet 16.01.2026 15:55:12

The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 4.5.7. This is due to insufficient file type validation detecting VTT files, allowing double extension files to bypass sani...

8.8

CVE-2025-12966

  • EPSS 0.35%
  • Veröffentlicht 06.12.2025 09:25:57
  • Zuletzt bearbeitet 08.12.2025 18:26:49

The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the resolve_import_directory() function in versions 4.5.4 to 4.5.7. This makes it possible for authenticated attackers, w...

5.4

CVE-2024-6629

  • EPSS 0.37%
  • Veröffentlicht 24.07.2024 07:15:02
  • Zuletzt bearbeitet 21.11.2024 09:50:01

The All-in-One Video Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video shortcode in all versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping on user supplied at...

8.8

CVE-2024-31248

  • EPSS 0.53%
  • Veröffentlicht 09.06.2024 12:15:09
  • Zuletzt bearbeitet 02.12.2024 14:03:36

Missing Authorization vulnerability in Team Plugins360 All-in-One Video Gallery.This issue affects All-in-One Video Gallery: from n/a through 3.5.2.

8.8

CVE-2024-4670

  • EPSS 1.54%
  • Veröffentlicht 15.05.2024 13:15:26
  • Zuletzt bearbeitet 21.11.2024 09:43:20

The All-in-One Video Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.5 via the aiovg_search_form shortcode. This makes it possible for authenticated attackers, with contributor-level access...

8.8

CVE-2024-4033

  • EPSS 9.21%
  • Veröffentlicht 02.05.2024 17:15:33
  • Zuletzt bearbeitet 21.11.2024 09:42:04

The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the aiovg_create_attachment_from_external_image_url function in all versions up to, and including, 3.6.4. This makes it p...

8.2

CVE-2022-2633

  • EPSS 89.04%
  • Veröffentlicht 06.09.2022 18:15:14
  • Zuletzt bearbeitet 21.11.2024 07:01:24

The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file downloads and blind server-side request forgery via the 'dl' parameter found in the ~/public/video.php file in versions up to, and including 2.6.0. This makes it possib...