CVE-2026-1706
CVE-2026-1706: All-in-One Video Gallery for WordPress has a Reflected Cross-Site Scripting flaw via the vi parameter in versions up to 4.7.1. Insufficient input sanitization/output escaping allows unauthenticated attackers to inject scripts on pages that a user may perform actions on (e.g., clic...
CVE-2025-15516
The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxcallbackstoreusermeta function in versions 4.1.0 to 4.6.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...
CVE-2025-15516 All-in-One Video Gallery 4.1.0 - 4.6.4 - Missing Authorization to Authenticated (Subscriber+) Limited User Meta Update
The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxcallbackstoreusermeta function in versions 4.1.0 to 4.6.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...
CVE-2025-12966
The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the resolveimportdirectory function in versions 4.5.4 to 4.5.7. This makes it possible for authenticated attackers, with Author-level access and above, to upload...
CVE-2025-12966 All-in-One Video Gallery 4.5.4 - 4.5.7 – Authenticated (Author+) Arbitrary File Upload via Import ZIP
The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the resolveimportdirectory function in versions 4.5.4 to 4.5.7. This makes it possible for authenticated attackers, with Author-level access and above, to upload...
PT-2025-49357
Name of the Vulnerable Software and Affected Versions: All-in-One Video Gallery versions 4.5.4 through 4.5.7. Description: The All-in-One Video Gallery plugin for WordPress has a flaw that allows unauthorized file uploads. This is due to a lack of proper file type checking within the resolve import...
EUVD-2021-11427
Malware in sbrugna...
EUVD-2014-8924
Malware in sbrugna...
EUVD-2023-29866
Malicious code in bioql PyPI...
EUVD-2024-35528
Malicious code in bioql PyPI...
EUVD-2023-36840
Malicious code in bioql PyPI...
EUVD-2023-34172
Malicious code in bioql PyPI...
EUVD-2024-50402
Malicious code in bioql PyPI...
CVE-2025-48349 WordPress Video Gallery – Vimeo and YouTube Gallery plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in origincode Video Gallery – Vimeo and YouTube Gallery allows Stored XSS. This issue affects Video Gallery – Vimeo and YouTube Gallery: from n/a through 1.1.7...
WordPress plugin Video Gallery – Vimeo and YouTube Gallery cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
CVE-2024-9769
The Video Gallery – Best WordPress YouTube Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-10535
The Video Gallery for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the removeunusedthumbnails function in all versions up to, and including, 1.31. This makes it possible for unauthenticated attackers to delete thumbnails ...
CVE-2023-25979
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Video Gallery by Total-Soft Video Gallery plugin = 1.7.6 versions...
CVE-2023-32597
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Video Gallery plugin = 1.0.10 versions...