Lucene search

K

Video Gallery Security Vulnerabilities

cve
cve

CVE-2024-35770

Cross-Site Request Forgery (CSRF) vulnerability in Dave Kiss Vimeography: Vimeo Video Gallery WordPress Plugin.This issue affects Vimeography: Vimeo Video Gallery WordPress Plugin: from n/a through...

8.8CVSS

4.6AI Score

0.001EPSS

2024-06-21 01:15 PM
24
cve
cve

CVE-2024-5724

The Photo Video Gallery Master plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.3 via deserialization of untrusted input 'PVGM_all_photos_details' parameter. This makes it possible for authenticated attackers, with Contributor-level access and...

8.8CVSS

8.8AI Score

0.001EPSS

2024-06-19 04:15 AM
25
cve
cve

CVE-2024-4258

The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the...

9.8CVSS

9.8AI Score

0.001EPSS

2024-06-15 09:15 AM
25
cve
cve

CVE-2024-4551

The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the display function. This makes it possible for authenticated attackers, with contributor access and higher, to include and...

6.4CVSS

6.8AI Score

0.0004EPSS

2024-06-15 09:15 AM
21
cve
cve

CVE-2024-31248

Missing Authorization vulnerability in Team Plugins360 All-in-One Video Gallery.This issue affects All-in-One Video Gallery: from n/a through...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-06-09 12:15 PM
28
cve
cve

CVE-2024-3268

The YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the emd_form_builder_lite_submit_form function in all versions up to, and including, 3.3.6. This makes it.....

5.3CVSS

6.6AI Score

0.0005EPSS

2024-05-21 12:15 PM
29
cve
cve

CVE-2024-4670

The All-in-One Video Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.5 via the aiovg_search_form shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary...

8.8CVSS

9.5AI Score

0.001EPSS

2024-05-15 01:15 PM
8
cve
cve

CVE-2024-34377

Missing Authorization vulnerability in A WP Life Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery.This issue affects Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery: from n/a through...

4.3CVSS

6.8AI Score

0.0004EPSS

2024-05-06 07:15 PM
34
cve
cve

CVE-2024-4033

The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the aiovg_create_attachment_from_external_image_url function in all versions up to, and including, 3.6.4. This makes it possible for authenticated attackers, with...

8.8CVSS

7.6AI Score

0.001EPSS

2024-05-02 05:15 PM
36
cve
cve

CVE-2024-23515

Cross-Site Request Forgery (CSRF) vulnerability in Cincopa Post Video Players.This issue affects Post Video Players: from n/a through...

5.4CVSS

6.8AI Score

0.0004EPSS

2024-03-27 02:15 PM
43
cve
cve

CVE-2024-0825

The Vimeography: Vimeo Video Gallery WordPress Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.3.2 via deserialization of untrusted input via the vimeography_duplicate_gallery_serialized in the duplicate_gallery function. This makes it...

8.8CVSS

8.7AI Score

0.0004EPSS

2024-03-05 02:15 AM
65
cve
cve

CVE-2023-49178

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mr. Hdwplayer HDW Player Plugin (Video Player & Video Gallery) allows Reflected XSS.This issue affects HDW Player Plugin (Video Player & Video Gallery): from n/a through...

7.1CVSS

6.5AI Score

0.0005EPSS

2023-12-15 03:15 PM
37
cve
cve

CVE-2023-45069

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Video Gallery by Total-Soft Video Gallery – Best WordPress YouTube Gallery Plugin allows SQL Injection.This issue affects Video Gallery – Best WordPress YouTube Gallery Plugin: from n/a through...

9.8CVSS

9.8AI Score

0.001EPSS

2023-11-06 09:15 AM
48
cve
cve

CVE-2023-5945

The video carousel slider with lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the responsive_video_gallery_with_lightbox_video_management_func() function. This makes it possible for unauthenticated...

5.4CVSS

5.5AI Score

0.001EPSS

2023-11-03 01:15 PM
63
cve
cve

CVE-2023-45630

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3...

7.1CVSS

5.7AI Score

0.0005EPSS

2023-10-18 02:15 PM
17
cve
cve

CVE-2023-45629

Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3...

8.8CVSS

8.8AI Score

0.001EPSS

2023-10-16 09:15 AM
27
cve
cve

CVE-2023-40558

Cross-Site Request Forgery (CSRF) vulnerability in eMarket Design YouTube Video Gallery by YouTube Showcase plugin <= 3.3.5...

8.8CVSS

8.8AI Score

0.001EPSS

2023-10-03 02:15 PM
22
cve
cve

CVE-2023-4841

The Feeds for YouTube for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'youtube-feed' shortcode in versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated.....

6.4CVSS

5.3AI Score

0.001EPSS

2023-09-14 03:15 AM
25
cve
cve

CVE-2023-25477

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yotuwp Video Gallery plugin <= 1.3.12...

5.9CVSS

4.8AI Score

0.0004EPSS

2023-09-01 11:15 AM
24
cve
cve

CVE-2023-32597

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Video Gallery plugin <= 1.0.10...

7.1CVSS

6AI Score

0.0005EPSS

2023-08-30 12:15 PM
15
cve
cve

CVE-2023-32797

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution video carousel slider with lightbox plugin <= 1.0.22...

7.1CVSS

6AI Score

0.0005EPSS

2023-08-25 12:15 PM
23
cve
cve

CVE-2015-10109

A vulnerability was found in Video Playlist and Gallery Plugin up to 1.136 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the file wp-media-cincopa.php. The manipulation leads to cross-site request forgery. The attack may be launched...

8.8CVSS

8.6AI Score

0.001EPSS

2023-06-01 01:15 PM
16
cve
cve

CVE-2023-2708

The Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search_term’ parameter in versions up to, and including, 1.0.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS

6.2AI Score

0.001EPSS

2023-05-16 03:15 AM
12
cve
cve

CVE-2023-2710

The video carousel slider with lightbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.0.22 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS

6.2AI Score

0.001EPSS

2023-05-16 03:15 AM
10
cve
cve

CVE-2023-25979

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Video Gallery by Total-Soft Video Gallery plugin <= 1.7.6...

5.9CVSS

4.8AI Score

0.0005EPSS

2023-05-03 02:15 PM
18
cve
cve

CVE-2022-47603

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.1...

7.1CVSS

6AI Score

0.001EPSS

2023-03-29 07:15 PM
22
cve
cve

CVE-2023-0441

The Gallery Blocks with Lightbox WordPress plugin before 3.0.8 has an AJAX endpoint that can be accessed by any authenticated users, such as subscriber. The callback function allows numerous actions, the most serious one being reading and updating the WordPress options which could be used to...

8.1CVSS

7.8AI Score

0.001EPSS

2023-03-27 04:15 PM
37
cve
cve

CVE-2014-5186

SQL injection vulnerability in the All Video Gallery (all-video-gallery) plugin 1.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in an edit action in the allvideogallery_videos page to...

8.3AI Score

0.001EPSS

2022-10-03 04:20 PM
18
cve
cve

CVE-2014-5180

SQL injection vulnerability in the videos page in the HDW Player Plugin (hdw-player-video-player-video-gallery) 2.4.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the edit action to...

8.3AI Score

0.002EPSS

2022-10-03 04:20 PM
20
cve
cve

CVE-2014-9097

Multiple SQL injection vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) plugin 2.5, possibly as distributed before 2014-07-23, for WordPress allow (1) remote attackers to execute arbitrary SQL commands via the vid parameter in a myextract action to...

8.3AI Score

0.002EPSS

2022-10-03 04:20 PM
21
cve
cve

CVE-2014-9098

Multiple cross-site scripting (XSS) vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) plugin 2.5, possibly before 2014-07-23, for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the videoadssearchQuery parameter to (1)...

5.7AI Score

0.001EPSS

2022-10-03 04:20 PM
18
cve
cve

CVE-2014-3923

Multiple cross-site scripting (XSS) vulnerabilities in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the logoLink parameter to (1) preview.swf, (2) preview_skin_rouge.swf, (3) preview_allchars.swf, or (4)...

5.9AI Score

0.002EPSS

2022-10-03 04:20 PM
26
cve
cve

CVE-2012-6653

Unspecified vulnerability in the All Video Gallery (all-video-gallery) plugin before 1.2.0 for WordPress has unspecified impact and attack...

6.9AI Score

0.012EPSS

2022-10-03 04:15 PM
17
cve
cve

CVE-2022-2633

The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file downloads and blind server-side request forgery via the 'dl' parameter found in the ~/public/video.php file in versions up to, and including 2.6.0. This makes it possible for unauthenticated users to download...

8.2CVSS

8.2AI Score

0.032EPSS

2022-09-06 06:15 PM
39
5
cve
cve

CVE-2022-35726

Broken Authentication vulnerability in yotuwp Video Gallery plugin <= 1.3.4.5 at...

9.8CVSS

9.4AI Score

0.002EPSS

2022-08-23 04:15 PM
39
3
cve
cve

CVE-2022-1946

The Gallery WordPress plugin before 2.0.0 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting...

6.1CVSS

6AI Score

0.001EPSS

2022-07-04 01:15 PM
41
16
cve
cve

CVE-2022-0826

The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated...

9.8CVSS

9.8AI Score

0.04EPSS

2022-05-09 05:15 PM
62
6
cve
cve

CVE-2021-24970

The All-in-One Video Gallery WordPress plugin before 2.5.0 does not sanitise and validate the tab parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion...

7.2CVSS

6.8AI Score

0.025EPSS

2021-12-13 11:15 AM
25
cve
cve

CVE-2021-24515

The Video Gallery WordPress plugin before 1.1.5 does not escape the Title and Description of the videos in a gallery before outputting them in attributes, leading to Stored Cross-Site Scripting...

4.8CVSS

4.9AI Score

0.001EPSS

2021-10-25 02:15 PM
24
cve
cve

CVE-2021-24415

The Polo Video Gallery – Best wordpress video gallery plugin WordPress plugin through 1.2 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the...

5.4CVSS

5.3AI Score

0.001EPSS

2021-10-18 02:15 PM
23
cve
cve

CVE-2021-24667

A stored cross-site scripting vulnerability has been discovered in : Simply Gallery Blocks with Lightbox (Version – 2.2.0 & below). The vulnerability exists in the Lightbox functionality where a user with low privileges is allowed to execute arbitrary script code within the context of the...

5.4CVSS

5.4AI Score

0.001EPSS

2021-08-30 03:15 PM
29
cve
cve

CVE-2017-17872

The JEXTN Video Gallery extension 3.0.5 for Joomla! has SQL Injection via the id parameter in a view=category...

9.8CVSS

9.8AI Score

0.003EPSS

2017-12-27 05:08 PM
25
cve
cve

CVE-2016-1000123

Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for...

9.8CVSS

9.8AI Score

0.005EPSS

2016-10-06 02:59 PM
34
cve
cve

CVE-2015-7527

lib/core.php in the Cool Video Gallery plugin 1.9 for WordPress allows remote attackers to execute arbitrary code via shell metacharacters in the "Width of preview image" and possibly other input fields in the "Video Gallery Settings"...

8AI Score

0.054EPSS

2015-12-17 07:59 PM
24
cve
cve

CVE-2015-2065

SQL injection vulnerability in videogalleryrss.php in the Apptha WordPress Video Gallery (contus-video-gallery) plugin before 2.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the vid parameter in a rss action to...

8.6AI Score

0.012EPSS

2015-02-24 05:59 PM
28
cve
cve

CVE-2014-9094

Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand...

5.9AI Score

0.259EPSS

2014-11-26 03:59 PM
27
cve
cve

CVE-2013-3478

SQL injection vulnerability in Apptha WordPress Video Gallery 2.0, 1.6, and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the playid parameter to...

8.8AI Score

0.003EPSS

2014-03-05 04:37 PM
19
cve
cve

CVE-2010-4875

Cross-site scripting (XSS) vulnerability in vodpod-video-gallery/vodpod_gallery_thumbs.php in the Vodpod Video Gallery Plugin 3.1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gid...

6AI Score

0.008EPSS

2011-10-07 10:55 AM
24
cve
cve

CVE-2004-1971

modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to gain sensitive information via an HTTP request with an invalid (1) catid or (2) clipid parameter, which reveals the full path in an error...

7AI Score

0.005EPSS

2005-05-10 04:00 AM
20