3 matches found
WordPress All-in-One Video Gallery plugin <= 4.5.7 - Authenticated (Author+) Arbitrary File Upload via VTT Upload Bypass vulnerability
Authenticated Author+ Arbitrary File Upload via VTT Upload Bypass vulnerability discovered by mikemyers in WordPress Plugin All-in-One Video Gallery versions <= 4.5.7...
CVE-2025-12957 All-in-One Video Gallery <= 4.5.7 - Authenticated (Author+) Arbitrary File Upload via VTT Upload Bypass
The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 4.5.7. This is due to insufficient file type validation detecting VTT files, allowing double extension files to bypass sanitization while being accepted as a valid VTT...
CVE-2025-12957
The CVE-2025-12957 entry concerns All-in-One Video Gallery for WordPress (versions up to 4.5.7) with an authenticated file upload flaw. Inadequate validation treats VTT files as valid, enabling double-extensions to bypass sanitization and allow uploading arbitrary files by an author+ privileged u...