3 matches found
All-In-One Video Gallery <=2.6.0 - Server-Side Request Forgery
WordPress All-in-One Video Gallery plugin through 2.6.0 is susceptible to arbitrary file download and server-side request forgery SSRF via the 'dl' parameter found in the /public/video.php file. An attacker can download sensitive files hosted on the affected server and forge requests to the serve...
CVE-2022-2633
The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file downloads and blind server-side request forgery via the 'dl' parameter found in the /public/video.php file in versions up to, and including 2.6.0. This makes it possible for unauthenticated users to download sensiti...
CVE-2022-2633
CVE-2022-2633 affects the WordPress All-In-One Video Gallery plugin (versions up to 2.6.0). The root cause is improper handling of the dl parameter in ~/public/video.php, enabling unauthenticated arbitrary file downloads and server-side request forgery (SSRF). Impact is unauthenticated access to ...