Vulnerabilidades en plugins360
11 resultadosCVE-2022-2633HIGHThe All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file downloads and blind server-side request forgery via the 'dEPSS 24.5%CVE-2024-4033HIGHAll-in-One Video Gallery <= 3.6.4 - Authenticated (Contributor+) Arbitrary File Upload via featured imageEPSS 1.6%CVE-2024-4670HIGHAll-in-One Video Gallery <= 3.6.5 - Authenticated (Contributor+) Local File Inclusion via aiovg_search_form ShortcodeEPSS 0.6%CVE-2025-12957HIGHAll-in-One Video Gallery <= 4.5.7 - Authenticated (Author+) Arbitrary File Upload via VTT Upload BypassEPSS 0.6%CVE-2025-12966HIGHAll-in-One Video Gallery 4.5.4 - 4.5.7 – Authenticated (Author+) Arbitrary File Upload via Import ZIPEPSS 0.4%CVE-2022-4974MEDIUMFreemius SDK <= 2.4.2 - Missing Authorization ChecksEPSS 0.4%CVE-2025-14947MEDIUMAll-in-One Video Gallery <= 4.6.4 - Missing Authorization to Unauthenticated Bunny Stream Video Creation/DeletionEPSS 0.4%CVE-2024-6629MEDIUMAll-in-One Video Gallery <= 3.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video ShortcodeEPSS 0.3%CVE-2024-13362MEDIUMFreemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url ParameterEPSS 0.3%CVE-2026-1706MEDIUMAll-in-One Video Gallery <= 4.7.1 - Reflected Cross-Site Scripting via 'vi' ParameterEPSS 0.2%CVE-2025-15516MEDIUMAll-in-One Video Gallery 4.1.0 - 4.6.4 - Missing Authorization to Authenticated (Subscriber+) Limited User Meta UpdateEPSS 0.2%