CVE-2025-12966

by Fred · 06/12/2025

The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the resolve_import_directory() function in versions 4.5.4 to 4.5.7. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible.

More information : https://plugins.trac.wordpress.org/changeset/3405593/all-in-one-video-gallery/trunk/admin/import-export.php

CVE-2025-12966

Similar

Recent Posts

Categories

CVE-2025-12966

Share this:

Similar

Recent Posts

Categories

Tags