All-in-One Video Gallery

inOne Video Gallery plugin <= 3.7.1 Authenticated (Contributor+) Stored CrossSite Scripting via Video Shortcode vulnerability <= 3.7.1

inOne Video Gallery plugin <= 3.6.5 Authenticated (Contributor+) Local File Inclusion via aiovg_search_form Shortcode vulnerability <= 3.6.5

inOne Video Gallery plugin <= 3.6.4 Authenticated (Contributor+) Arbitrary File Upload via featured image vulnerability <= 3.6.4

inOne Video Gallery plugin <= 3.5.2 Broken Access Control vulnerability <= 3.5.2

inOne Video Gallery plugin < 3.4.3 Reflected Cross Site Scripting (XSS) vulnerability < 3.4.3