VYPR

All In One Video Gallery

by WordPress

Source repositories

CVEs (7)

  • CVE-2024-4033HigMay 2, 2024
    risk 0.58cvss 8.8epss 0.02

    The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the aiovg_create_attachment_from_external_image_url function in all versions up to, and including, 3.6.4. This makes it possible for authenticated…

  • CVE-2025-12957HigJan 16, 2026
    risk 0.50cvss 8.8epss 0.01

    The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 4.5.7. This is due to insufficient file type validation detecting VTT files, allowing double extension files to bypass sanitization while being accepted…

  • CVE-2024-4670HigMay 15, 2024
    risk 0.50cvss 8.8epss 0.01

    The All-in-One Video Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.5 via the aiovg_search_form shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and…

  • CVE-2025-15516MedJan 24, 2026
    risk 0.28cvss 4.3epss 0.00

    The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_callback_store_user_meta() function in versions 4.1.0 to 4.6.4. This makes it possible for authenticated attackers, with…

  • CVE-2022-2633Sep 6, 2022
    risk 0.07cvss epss 0.25

    The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file downloads and blind server-side request forgery via the 'dl' parameter found in the ~/public/video.php file in versions up to, and including 2.6.0. This makes it possible for unauthenticated users…

  • CVE-2021-24970Dec 13, 2021
    risk 0.01cvss epss 0.06

    The All-in-One Video Gallery WordPress plugin before 2.5.0 does not sanitise and validate the tab parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion issue

  • CVE-2024-31248Jun 9, 2024
    risk 0.00cvss epss 0.00

    Missing Authorization vulnerability in Team Plugins360 All-in-One Video Gallery.This issue affects All-in-One Video Gallery: from n/a through 3.5.2.