Plugins360 All-in-one Video Gallery
10 CVEs affecting Plugins360 All-in-one Video Gallery. Latest disclosed: 2026-03-04. Critical: 0, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-12957 | High | 8.8 | 2026-01-16 | The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 4.5.7. This is due to insufficie… |
CVE-2025-12966 | High | 8.8 | 2025-12-06 | The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the resolve_import_directory()… |
CVE-2024-4670 | High | 8.8 | 2024-05-15 | The All-in-One Video Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.5 via the aiovg_search_form s… |
CVE-2024-4033 | High | 8.8 | 2024-05-02 | The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the aiovg_create_attachment_fr… |
CVE-2022-2633 | High | 7.5 | 2022-09-06 | The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file downloads and blind server-side request forgery via the 'dl' parameter found… |
CVE-2025-14947 | Medium | 6.5 | 2026-01-23 | The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `ajax_callback_cr… |
CVE-2024-6629 | Medium | 6.4 | 2024-07-24 | The All-in-One Video Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video shortcode in all versions up to, and incl… |
CVE-2022-4974 | Medium | 6.3 | 2024-10-16 | The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to… |
CVE-2026-1706 | Medium | 6.1 | 2026-03-04 | The All-in-One Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'vi' parameter in all versions up to, and including… |
CVE-2025-15516 | Medium | 4.3 | 2026-01-24 | The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_callback_sto… |