Vulnerabilities > CVE-2021-24970 - Unspecified vulnerability in Plugins360 All-In-One Video Gallery

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

plugins360

NVD

Published: 2021-12-13

Updated: 2024-11-21

Summary

The All-in-One Video Gallery WordPress plugin before 2.5.0 does not sanitise and validate the tab parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion issue

Vulnerable Configurations

Part	Description	Count
Application	Plugins360 Plugins360 ALL IN ONE Video Gallery - Plugins360 ALL IN ONE Video Gallery 2.4.0 Plugins360 ALL IN ONE Video Gallery 2.4.1 Plugins360 ALL IN ONE Video Gallery 2.4.2 Plugins360 ALL IN ONE Video Gallery 2.4.3 Plugins360 ALL IN ONE Video Gallery 2.4.4 Plugins360 ALL IN ONE Video Gallery 2.4.5 Plugins360 ALL IN ONE Video Gallery 2.4.6 Plugins360 ALL IN ONE Video Gallery 2.4.7 Plugins360 ALL IN ONE Video Gallery 2.4.8 Plugins360 ALL IN ONE Video Gallery 2.4.9	11

Summary

Vulnerable Configurations

References