CVEs (4)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Plugins360 1All In One Video Gallery Jun 17, 2026 Jul 24, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The All-in-One Video Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video shortcode in all versions up to, and including, 3.7.1 due to insufficient input sanitization and outpu...Show more |
Missing Authorization vulnerability in Team Plugins360 All-in-One Video Gallery.This issue affects All-in-One Video Gallery: from n/a through 3.5.2. |
The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file downloads and blind server-side request forgery via the 'dl' parameter found in the ~/public/video.php file in versions up to, and includi...Show more |
1Plugins360 1All In One Video Gallery Jun 17, 2026 Dec 13, 2021 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 The All-in-One Video Gallery WordPress plugin before 2.5.0 does not sanitise and validate the tab parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion issue |