Vulnerability in Emarket-design Video Gallery – Youtube Gallery, Playlist & Grid
CVE-2026-12923
The Youtube Showcase plugin for WordPress is vulnerable to Arbitrary Function Call in versions up to and including 4.0.3. This is due to insufficient validation of the 'path' parameter in the emd_delete_file() AJAX handler in includes/comm…
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
Weakness classification (CWE)
References
Frequently asked questions
- What is CVE-2026-12923?
- CVE-2026-12923 is a high-severity vulnerability in Emarket-design Video Gallery – Youtube Gallery, Playlist & Grid, classified under PHP Remote File Inclusion. CVSS score: 7.5/10. Published 2026-07-01.
- How severe is CVE-2026-12923?
- High severity. CVSS v3 base score is 7.5 out of 10.