All-in-one Video Gallery Security Vulnerabilities and Issues — All-in-one Video Gallery CVE List

Lucene search

Plugins360All-in-one Video Gallery

4 matches found

CVE•added 2024/05/02 5:15 p.m.•100 views

CVE-2024-4033

The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the aiovg_create_attachment_from_external_image_url function in all versions up to, and including, 3.6.4. This makes it possible for authenticated attackers, with contrib...

8.8CVSS7.6AI score0.10112EPSS

CVE•added 2024/06/09 12:15 p.m.•42 views

CVE-2024-31248

Missing Authorization vulnerability in Team Plugins360 All-in-One Video Gallery.This issue affects All-in-One Video Gallery: from n/a through 3.5.2.

8.8CVSS4.7AI score0.00386EPSS

CVE•added 2024/07/24 7:15 a.m.•39 views

CVE-2024-6629

The All-in-One Video Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video shortcode in all versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

6.4CVSS5.7AI score0.00107EPSS

CVE•added 2024/05/15 1:15 p.m.•38 views

CVE-2024-4670

The All-in-One Video Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.5 via the aiovg_search_form shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary file...

8.8CVSS9.5AI score0.00448EPSS