VYPR

All Video Gallery

by All Video Gallery Plugin Project

Source repositories

CVEs (6)

  • CVE-2024-4670HigMay 15, 2024
    risk 0.50cvss 8.8epss 0.01

    The All-in-One Video Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.5 via the aiovg_search_form shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and…

  • CVE-2025-14947MedJan 23, 2026
    risk 0.35cvss 6.5epss 0.00

    The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `ajax_callback_create_bunny_stream_video`, `ajax_callback_get_bunny_stream_video`, and `ajax_callback_delete_bunny_stream_video`…

  • CVE-2026-1706MedMar 4, 2026
    risk 0.33cvss 6.1epss 0.00

    The All-in-One Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'vi' parameter in all versions up to, and including, 4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers…

  • CVE-2025-15516MedJan 24, 2026
    risk 0.28cvss 4.3epss 0.00

    The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_callback_store_user_meta() function in versions 4.1.0 to 4.6.4. This makes it possible for authenticated attackers, with…

  • CVE-2024-6629Jul 24, 2024
    risk 0.00cvss epss 0.00

    The All-in-One Video Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video shortcode in all versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…

  • CVE-2014-5186Aug 6, 2014
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in the All Video Gallery (all-video-gallery) plugin 1.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in an edit action in the allvideogallery_videos page to wp-admin/admin.php.