CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32121 – WordPress Video & Photo Gallery for Ultimate Member plugin <= 1.1.3 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2025-32121
04 Apr 2025 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member allows SQL Injection. This issue affects Video & Photo Gallery for Ultimate Member: from n/a through 1.1.3. The Video & Photo Gallery for Ultimate Member plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.1.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin... • https://patchstack.com/database/wordpress/plugin/gallery-for-ultimate-member/vulnerability/wordpress-video-photo-gallery-for-ultimate-member-plugin-1-1-3-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22566 – WordPress ULTIMATE VIDEO GALLERY Plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-22566
18 Mar 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound ULTIMATE VIDEO GALLERY allows Reflected XSS. This issue affects ULTIMATE VIDEO GALLERY: from n/a through 1.4. The ULTIMATE VIDEO GALLERY plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha... • https://patchstack.com/database/wordpress/plugin/ultimate-gallery/vulnerability/wordpress-ultimate-video-gallery-plugin-1-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22672 – WordPress Video & Photo Gallery for Ultimate Member plugin <= 1.1.2 - Server Side Request Forgery (SSRF) vulnerability
https://notcve.org/view.php?id=CVE-2025-22672
03 Feb 2025 — Server-Side Request Forgery (SSRF) vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member allows Server Side Request Forgery.This issue affects Video & Photo Gallery for Ultimate Member: from n/a through 1.1.2. The Video & Photo Gallery for Ultimate Member plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary l... • https://patchstack.com/database/wordpress/plugin/gallery-for-ultimate-member/vulnerability/wordpress-video-photo-gallery-for-ultimate-member-plugin-1-1-2-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54370 – WordPress Video & Photo Gallery for Ultimate Member plugin <= 1.1.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-54370
11 Dec 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member allows Upload a Web Shell to a Web Server.This issue affects Video & Photo Gallery for Ultimate Member: from n/a through 1.1.0. The Video & Photo Gallery for Ultimate Member plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with Subscriber-level ac... • https://patchstack.com/database/wordpress/plugin/gallery-for-ultimate-member/vulnerability/wordpress-video-photo-gallery-for-ultimate-member-plugin-1-1-0-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •