WordPress Plugin Vulnerabilities

All-in-One Video Gallery 2.5.8 - 2.6.0 - Unauthenticated Arbitrary File Download & SSRF

Description

The plugin does not validate the dl parameter which could allow unauthenticated users to download arbitrary files from the server, as well as perform SSRF attacks

Affects Plugins

Plugin icon
all-in-one-video-gallery
Fixed in 2.6.1

References

CVE
CVE-2022-2633

Classification

Type
FILE DOWNLOAD
OWASP top 10
A1: Injection
CWE
CWE-552
CVSS
7.5 (high)

Miscellaneous

Original Researcher
Gabriele Zuddas
Verified
Yes
WPVDB ID
852c257c-929a-4e4e-b85e-064f8dadd994

Timeline

Publicly Published
2022-08-17 (about 1 years ago)
Added
2022-08-18 (about 1 years ago)
Last Updated
2023-05-10 (about 1 years ago)

Other

Published
Title
Published
2022-10-17
Title
WooCommerce Dropshipping < 4.4 - Unauthenticated SQLi
Published
2023-06-12
Title
wpForo Forum < 2.1.8 - Subscriber+ Arbitrary File Read, Author+ PHAR Deserialization, and Subscriber+ Server-Side Request Forgery via file_get_contents
Published
2023-07-20
Title
Jupiter X Core <= 2.5.0 - Unauthenticated Arbitrary File Download
Published
2022-08-01
Title
Lana Downloads Manager < 1.8.0 - Contributor+ Arbitrary File Download
Published
2022-01-10
Title
SEUR Oficial < 1.7.2 - Admin+ Arbitrary File Download