All-in-one Video Gallery Security Vulnerabilities and Issues — All-in-one Video Gallery CVE List

Lucene search

Plugins360All-in-one Video Gallery

4 matches found

CVE•added 2024/05/02 5:15 p.m.•100 views

CVE-2024-4033

The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the aiovg_create_attachment_from_external_image_url function in all versions up to, and including, 3.6.4. This makes it possible for authenticated attackers, with contrib...

8.8CVSS7.6AI score0.10112EPSS

CVE•added 2022/09/06 6:15 p.m.•61 views

CVE-2022-2633

The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file downloads and blind server-side request forgery via the 'dl' parameter found in the ~/public/video.php file in versions up to, and including 2.6.0. This makes it possible for unauthenticated users to download sensitiv...

8.2CVSS8.2AI score0.89171EPSS

CVE•added 2024/06/09 12:15 p.m.•42 views

CVE-2024-31248

Missing Authorization vulnerability in Team Plugins360 All-in-One Video Gallery.This issue affects All-in-One Video Gallery: from n/a through 3.5.2.

8.8CVSS4.7AI score0.00386EPSS

CVE•added 2024/05/15 1:15 p.m.•38 views

CVE-2024-4670

The All-in-One Video Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.5 via the aiovg_search_form shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary file...

8.8CVSS9.5AI score0.00448EPSS