
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Oct 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Video Gallery by Total-Soft Video Gallery – Best WordPress YouTube Gallery Plugin allows SQL Injection. This issue affects Video Gallery – Best WordPress YouTube Gallery Plugin: from n/a through 2.1.3. • https://patchstack.com/database/vulnerability/gallery-videos/wordpress-gallery-video-plugin-2-0-2-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

30 Aug 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Video Gallery plugin <= 1.0.10 versions. • https://patchstack.com/database/vulnerability/video-slider-with-thumbnails/wordpress-video-gallery-plugin-1-0-10-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Jul 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yotuwp Video Gallery plugin <= 1.3.12 versions. The Video Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticat... • https://patchstack.com/database/vulnerability/yotuwp-easy-youtube-embed/wordpress-video-gallery-youtube-playlist-channel-gallery-by-yotuwp-plugin-1-3-12-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 May 2023 — The Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search_term’ parameter in versions up to, and including, 1.0.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://plugins.trac.wordpress.org/browser/video-slider-with-thumbnails/tags/1.0.10/video-slider-with-thumbnails.php#L1103 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Feb 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Video Gallery by Total-Soft Video Gallery plugin <= 1.7.6 versions. The Video Gallery – YouTube Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user a... • https://patchstack.com/database/vulnerability/gallery-videos/wordpress-video-gallery-youtube-gallery-plugin-1-7-6-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Aug 2022 — Broken Authentication vulnerability in yotuwp Video Gallery plugin <= 1.3.4.5 at WordPress. The Video Gallery plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deletecache function in versions up to, and including, 1.3.8. This makes it possible for unauthenticated attackers to clear the plugin's cache. The plugin added an "is_... • https://patchstack.com/database/vulnerability/yotuwp-easy-youtube-embed/wordpress-video-gallery-plugin-1-3-4-5-broken-authentication • CWE-287: Improper Authentication • CWE-862: Missing Authorization

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

21 Sep 2021 — The Video Gallery WordPress plugin before 1.1.5 does not escape the Title and Description of the videos in a gallery before outputting them in attributes, leading to Stored Cross-Site Scripting issues. • https://wpscan.com/vulnerability/6bbea7fe-e966-406b-ad06-0206fcc6f0a0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 6% • CPEs: 1 • EXPL: 3

22 Sep 2016 — Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla. Joomla Huge-IT Video Gallery component version 1.0.9 suffers from a remote unauthenticated SQL injection vulnerability. • https://packetstorm.news/files/id/138813 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Apr 2004 — modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to gain sensitive information via an HTTP request with an invalid (1) catid or (2) clipid parameter, which reveals the full path in an error message. • http://marc.info/?l=bugtraq&m=108308660628557&w=2