Vulnerabilities > Plugins360 > ALL IN ONE Video Gallery > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-09 | CVE-2024-31248 | Unspecified vulnerability in Plugins360 All-In-One Video Gallery Missing Authorization vulnerability in Team Plugins360 All-in-One Video Gallery.This issue affects All-in-One Video Gallery: from n/a through 3.5.2. | 8.8 |
| 2022-09-06 | CVE-2022-2633 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Plugins360 All-In-One Video Gallery 2.5.8/2.5.9/2.6.0 The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file downloads and blind server-side request forgery via the 'dl' parameter found in the ~/public/video.php file in versions up to, and including 2.6.0. | 8.2 |
| 2021-12-13 | CVE-2021-24970 | Unspecified vulnerability in Plugins360 All-In-One Video Gallery The All-in-One Video Gallery WordPress plugin before 2.5.0 does not sanitise and validate the tab parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion issue | 7.2 |