Lucene search
K

605 matches found

Nuclei
Nuclei
added 11 hours ago36 views

All-In-One Video Gallery <=2.6.0 - Server-Side Request Forgery

WordPress All-in-One Video Gallery plugin through 2.6.0 is susceptible to arbitrary file download and server-side request forgery SSRF via the 'dl' parameter found in the /public/video.php file. An attacker can download sensitive files hosted on the affected server and forge requests to the serve...

8.2CVSS7AI score0.25869EPSS
Exploits0References5
Nuclei
Nuclei
added 11 hours ago44 views

WordPress WP Video Gallery <=1.7.1 - SQL Injection

WordPress WP Video Gallery plugin through 1.7.1 contains a SQL injection vulnerability. The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized...

9.8CVSS7.1AI score0.09238EPSS
Exploits1References5
Nuclei
Nuclei
added 11 hours ago28 views

WordPress HDW Video Gallery <=1.2 - Cross-Site Scripting

WordPress HDW Video Gallery 1.2 and before contains a cross-site scripting vulnerability via playlist.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

6.1CVSS6.6AI score0.0465EPSS
Exploits2References4
NVD
NVD
added 3 days ago7 views

CVE-2026-12123

The All-in-One Video Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.8.5 via the 'vdl' parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locatio...

6.4CVSS0.00246EPSS
Exploits0References12
Patchstack
Patchstack
added 3 days ago3 views

WordPress All-in-One Video Gallery plugin <= 4.8.5 - Authenticated (Subscriber+) Server-Side Request Forgery vulnerability

Authenticated Subscriber+ Server-Side Request Forgery vulnerability discovered by KoreaInfoSec - Korea University in WordPress Plugin All-in-One Video Gallery versions = 4.8.5...

6.4CVSS6.1AI score0.00246EPSS
Exploits0References1Affected Software1
CVE
CVE
added 3 days ago9 views

CVE-2026-12123

CVE-2026-12123 describes a Server-Side Request Forgery in the WordPress plugin All-in-One Video Gallery (versions

6.4CVSS6AI score0.00246EPSS
Exploits0References12
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-42828

The All-in-One Video Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.8.5 via the 'vdl' parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locatio...

6.4CVSS6.2AI score0.00246EPSS
Exploits0References12
ATTACKERKB
ATTACKERKB
added 3 days ago9 views

CVE-2026-12123

The All-in-One Video Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.8.5 via the 'vdl' parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locatio...

6.4CVSS6.2AI score0.00246EPSS
Exploits0References13
NVD
NVD
added 2026/07/02 10:16 a.m.10 views

CVE-2026-10104

The Product Video Gallery for Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via customthumbnail Parameter in all versions up to, and including, 1.5.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.4CVSS0.00263EPSS
Exploits1References8
EUVD
EUVD
added 2026/07/02 8:33 a.m.9 views

EUVD-2026-41269

The Product Video Gallery for Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via customthumbnail Parameter in all versions up to, and including, 1.5.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.4CVSS5.9AI score0.00263EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
added 2026/07/02 8:33 a.m.4 views

CVE-2026-10104

The Product Video Gallery for Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via customthumbnail Parameter in all versions up to, and including, 1.5.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.4CVSS5.9AI score0.00263EPSS
Exploits1References9
Cvelist
Cvelist
added 2026/07/02 8:33 a.m.37 views

CVE-2026-10104 Product Video Gallery for Woocommerce <= 1.5.1.8 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via custom_thumbnail Parameter

The Product Video Gallery for Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via customthumbnail Parameter in all versions up to, and including, 1.5.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.4CVSS0.00263EPSS
Exploits1References8
Patchstack
Patchstack
added 2026/07/01 8:6 p.m.5 views

WordPress Product Video Gallery for Woocommerce plugin <= 1.5.1.8 - Authenticated (Shop Manager+) Stored Cross-Site Scripting vulnerability

Authenticated Shop Manager+ Stored Cross-Site Scripting vulnerability discovered by Ravindu Lakmina Munaweera in WordPress Plugin Product Video Gallery for Woocommerce versions = 1.5.1.8...

4.4CVSS5.8AI score0.00263EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/04/21 10:49 p.m.43 views

CVE-2026-41061 WWBN AVideo Vulnerable to stored XSS via Unanchored Duration Regex in Video Encoder Receiver

WWBN AVideo is an open source video platform. In versions 29.0 and below, the isValidDuration regex at objects/video.php:918 uses /^0-91,2:0-91,2:0-91,2/ without a $ end anchor, allowing arbitrary HTML/JavaScript to be appended after a valid duration prefix. The crafted duration is stored in the...

5.4CVSS0.00173EPSS
Exploits1References2
Patchstack
Patchstack
added 2026/04/14 11:35 a.m.6 views

WordPress Video gallery and Player plugin <= 2.8.7 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin Video gallery and Player versions = 2.8.7...

5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/24 9:11 a.m.7 views

WordPress Video & Photo Gallery for Ultimate Member plugin <= 1.1.1 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Colin Xu in WordPress Plugin Video & Photo Gallery for Ultimate Member versions = 1.1.1...

6.1CVSS7.3AI score0.00406EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/05 1:40 p.m.6 views

CVE-2026-1706

The All-in-One Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'vi' parameter in all versions up to, and including, 4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

6.1CVSS6.1AI score0.00231EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/04 12:30 p.m.5 views

EUVD-2026-9388

The All-in-One Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'vi' parameter in all versions up to, and including, 4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

6.1CVSS6.1AI score0.00231EPSS
Exploits0References5
NVD
NVD
added 2026/03/04 10:16 a.m.10 views

CVE-2026-1706

The All-in-One Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'vi' parameter in all versions up to, and including, 4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

6.1CVSS0.00231EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/04 9:24 a.m.4 views

CVE-2026-1706 All-in-One Video Gallery <= 4.7.1 - Reflected Cross-Site Scripting via 'vi' Parameter

The All-in-One Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'vi' parameter in all versions up to, and including, 4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

6.1CVSS6.1AI score0.00231EPSS
Exploits0References4
Rows per page
Query Builder