CVE-2022-2633

The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file downloads and blind server-side request forgery via the 'dl' parameter found in the ~/public/video.php file in versions up to, and including 2.6.0. This makes it possible for unauthenticated users to download sensitive files hosted on the affected server and forge requests to the server.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
plugins360all-in-one_video_gallery
2.5.8 ≤
𝑥
≤ 2.6.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/trunk/public/video.php#L227
https://plugins.trac.wordpress.org/changeset/2768384/all-in-one-video-gallery/trunk/public/video.php
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2744708%40all-in-one-video-gallery&new=2744708%40all-in-one-video-gallery&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/83b0534e-1b8d-46a8-9698-e7ca73e5ab57?source=cve
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2633
https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/trunk/public/video.php#L227
https://plugins.trac.wordpress.org/changeset/2768384/all-in-one-video-gallery/trunk/public/video.php
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2744708%40all-in-one-video-gallery&new=2744708%40all-in-one-video-gallery&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/83b0534e-1b8d-46a8-9698-e7ca73e5ab57?source=cve
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2633