Vulnerabilities > Plugins360

DATE	CVE	VULNERABILITY TITLE	RISK
2022-09-06	CVE-2022-2633	Externally Controlled Reference to a Resource in Another Sphere vulnerability in Plugins360 All-In-One Video Gallery 2.5.8/2.5.9/2.6.0 The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file downloads and blind server-side request forgery via the 'dl' parameter found in the ~/public/video.php file in versions up to, and including 2.6.0. network low complexity plugins360 CWE-610	8.2
2021-12-13	CVE-2021-24970	Path Traversal vulnerability in Plugins360 All-In-One Video Gallery The All-in-One Video Gallery WordPress plugin before 2.5.0 does not sanitise and validate the tab parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion issue network low complexity plugins360 CWE-22	6.5

Vulnerabilities > Plugins360 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Plugins360"}]}