VYPR

All Video Gallery

by WordPress

CVEs (5)

  • CVE-2025-14947MedJan 23, 2026
    risk 0.35cvss 6.5epss 0.00

    The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `ajax_callback_create_bunny_stream_video`, `ajax_callback_get_bunny_stream_video`, and `ajax_callback_delete_bunny_stream_video`…

  • CVE-2026-1706MedMar 4, 2026
    risk 0.33cvss 6.1epss 0.00

    The All-in-One Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'vi' parameter in all versions up to, and including, 4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers…

  • CVE-2012-6653Aug 6, 2014
    risk 0.04cvss epss 0.07

    Unspecified vulnerability in the All Video Gallery (all-video-gallery) plugin before 1.2.0 for WordPress has unspecified impact and attack vectors.

  • CVE-2024-6629Jul 24, 2024
    risk 0.00cvss epss 0.00

    The All-in-One Video Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video shortcode in all versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…

  • CVE-2014-5186Aug 6, 2014
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in the All Video Gallery (all-video-gallery) plugin 1.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in an edit action in the allvideogallery_videos page to wp-admin/admin.php.