
CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Broken Authentication vulnerability in yotuwp Video Gallery plugin <= 1.3.4.5 for WordPress. The Video Gallery plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deletecache function in versions up to, and including, 1.3.8. This makes it possible for unauthenticated attackers to clear the plugin's cache. The plugin added an "is_admin" check in version 1.3.5, but this is not sufficient access control to prevent even unauthenticated attackers from exploiting the vulnerability.

• https://patchstack.com/database/vulnerability/yotuwp-easy-youtube-embed/wordpress-video-gallery-plugin-1-3-4-5-broken-authentication
• https://wordpress.org/plugins/yotuwp-easy-youtube-embed/#developers
• CWE-287: Improper Authentication
• CWE-862: Missing Authorization

CVSS: 4.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

The Video Gallery WordPress plugin before 1.1.5 does not escape the Title and Description of the videos in a gallery before outputting them in attributes, leading to Stored Cross-Site Scripting issues.

• https://wpscan.com/vulnerability/6bbea7fe-e966-406b-ad06-0206fcc6f0a0
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 2

Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla. Joomla Huge-IT Video Gallery component version 1.0.9 suffers from a remote unauthenticated SQL injection vulnerability.

• https://www.exploit-db.com/exploits/42596
• http://huge-it.com/joomla-video-gallery
• http://www.securityfocus.com/bid/93107
• http://www.vapidlabs.com/advisory.php?v=169
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to gain sensitive information via an HTTP request with an invalid (1) catid or (2) clipid parameter, which reveals the full path in an error message.

• http://marc.info/?l=bugtraq&m=108308660628557&w=2
• https://exchange.xforce.ibmcloud.com/vulnerabilities/15978