Vulnerability in Emarket-design Video Gallery – Youtube Gallery, Playlist & Grid

CVE-2026-12923

The Youtube Showcase plugin for WordPress is vulnerable to Arbitrary Function Call in versions up to and including 4.0.3. This is due to insufficient validation of the 'path' parameter in the emd_delete_file() AJAX handler in includes/comm…

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2026-12923?
CVE-2026-12923 is a high-severity vulnerability in Emarket-design Video Gallery – Youtube Gallery, Playlist & Grid, classified under PHP Remote File Inclusion. CVSS score: 7.5/10. Published 2026-07-01.
How severe is CVE-2026-12923?
High severity. CVSS v3 base score is 7.5 out of 10.