593 matches found
WordPress HDW Video Gallery <=1.2 - Cross-Site Scripting
WordPress HDW Video Gallery 1.2 and before contains a cross-site scripting vulnerability via playlist.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...
WordPress WP Video Gallery <=1.7.1 - SQL Injection
WordPress WP Video Gallery plugin through 1.7.1 contains a SQL injection vulnerability. The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized...
All-In-One Video Gallery <=2.6.0 - Server-Side Request Forgery
WordPress All-in-One Video Gallery plugin through 2.6.0 is susceptible to arbitrary file download and server-side request forgery SSRF via the 'dl' parameter found in the /public/video.php file. An attacker can download sensitive files hosted on the affected server and forge requests to the serve...
CVE-2026-41061 WWBN AVideo Vulnerable to stored XSS via Unanchored Duration Regex in Video Encoder Receiver
WWBN AVideo is an open source video platform. In versions 29.0 and below, the isValidDuration regex at objects/video.php:918 uses /^0-91,2:0-91,2:0-91,2/ without a $ end anchor, allowing arbitrary HTML/JavaScript to be appended after a valid duration prefix. The crafted duration is stored in the...
WordPress Video gallery and Player plugin <= 2.8.7 - Backdoor vulnerability
Backdoor vulnerability discovered by ? in WordPress Plugin Video gallery and Player versions = 2.8.7...
WordPress Video & Photo Gallery for Ultimate Member plugin <= 1.1.1 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Colin Xu in WordPress Plugin Video & Photo Gallery for Ultimate Member versions = 1.1.1...
CVE-2026-1706
The All-in-One Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'vi' parameter in all versions up to, and including, 4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
EUVD-2026-9388
The All-in-One Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'vi' parameter in all versions up to, and including, 4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
CVE-2026-1706
The All-in-One Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'vi' parameter in all versions up to, and including, 4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
CVE-2026-1706
CVE-2026-1706 : All-in-One Video Gallery for WordPress has a Reflected Cross-Site Scripting flaw via the vi parameter in versions up to 4.7.1. Insufficient input sanitization/output escaping allows unauthenticated attackers to inject scripts on pages that a user may perform actions on (e.g., clic...
CVE-2026-1706 All-in-One Video Gallery <= 4.7.1 - Reflected Cross-Site Scripting via 'vi' Parameter
The All-in-One Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'vi' parameter in all versions up to, and including, 4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
CVE-2026-1706
The All-in-One Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'vi' parameter in all versions up to, and including, 4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
WordPress All-in-One Video Gallery plugin <= 4.7.1 - Reflected Cross-Site Scripting via 'vi' Parameter vulnerability
Reflected Cross-Site Scripting via 'vi' Parameter vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin All-in-One Video Gallery versions = 4.7.1...
WordPress plugin All-in-One Video Gallery 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-22898
The All-in-One Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'vi' parameter in all versions up to, and including, 4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
WordPress plugin Modula Image Gallery – Photo Grid & Video Gallery 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
WordPress All-in-One Video Gallery plugin <= 4.5.7 - Authenticated (Author+) Arbitrary File Upload via VTT Upload Bypass vulnerability
Authenticated Author+ Arbitrary File Upload via VTT Upload Bypass vulnerability discovered by mikemyers in WordPress Plugin All-in-One Video Gallery versions = 4.5.7...
CVE-2025-14906
The WP Youtube Video Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce verification on the wpYTVideoGallerySettingSave function. This makes it possible for unauthenticated attackers to modify plugin...
CVE-2025-15516
The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxcallbackstoreusermeta function in versions 4.1.0 to 4.6.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...
CVE-2025-14947
The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxcallbackcreatebunnystreamvideo, ajaxcallbackgetbunnystreamvideo, and ajaxcallbackdeletebunnystreamvideo functions in all versions up to, and including,...