All-in-One Video Gallery

Plugins360 Labs

Developer

4.7.1

Latest version

20,000

Installations

No date

Last updated

WordPress Plugin

No VDP

Claim ownership

Report vulnerability

Vulnerabilities

Security Contributors

Vulnerability history

0 present

13 fixed

8 Mitigation rules

Authenticated (Author+) Arbitrary File Upload via VTT Upload Bypass vulnerability
<= 4.5.7
Feb 3, 2026
Missing Authorization to Authenticated (Subscriber+) Limited User Meta Update vulnerability
4.1.0-4.6.4
Jan 24, 2026
Missing Authorization to Unauthenticated Bunny Stream Video Creation/Deletion vulnerability
<= 4.6.4
Jan 23, 2026
Arbitrary File Upload vulnerability
<= 4.5.7
Dec 8, 2025
Authenticated (Contributor+) Stored Cross-Site Scripting via Video Shortcode vulnerability
<= 3.7.1
Jul 24, 2024
Authenticated (Contributor+) Local File Inclusion via aiovg_search_form Shortcode vulnerability
<= 3.6.5
May 15, 2024
Authenticated (Contributor+) Arbitrary File Upload via featured image vulnerability
<= 3.6.4
May 1, 2024
Broken Access Control vulnerability
<= 3.5.2
Apr 5, 2024
Reflected Cross Site Scripting (XSS) vulnerability
< 3.4.3
Jul 18, 2023
Unauthenticated Arbitrary File Download & SSRF vulnerability
2.5.8-2.6.0
Aug 18, 2022
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
< 2.5.4
Feb 28, 2022
Sensitive Information Disclosure vulnerability
< 2.5.4
Feb 28, 2022
Local File Inclusion (LFI) vulnerability
<= 2.4.9
Nov 15, 2021