Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

plugins360 — Vulnerabilities & Security Advisories 9

Browse all 9 CVE security advisories affecting plugins360. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Plugins360 develops WordPress plugins for enhancing website functionality, with a core use case of extending site capabilities through various add-ons. Historically, the plugins have been susceptible to multiple security vulnerabilities, including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation, contributing to their 9 recorded CVEs. These issues often stem from insufficient input validation and improper access controls. While no major public security incidents have been widely documented, the consistent presence of vulnerabilities in their products indicates a pattern of security shortcomings that administrators should address promptly through updates or replacement.

Found 9 results / 9Clear Filters
Top products by plugins360: All-in-One Video Gallery
CVE IDTitleCVSSSeverityPublished
CVE-2026-1706 All-in-One Video Gallery <= 4.7.1 - Reflected Cross-Site Scripting via 'vi' Parameter — All-in-One Video GalleryCWE-79 6.1 Medium2026-03-04
CVE-2025-15516 All-in-One Video Gallery 4.1.0 - 4.6.4 - Missing Authorization to Authenticated (Subscriber+) Limited User Meta Update — All-in-One Video GalleryCWE-862 4.3 Medium2026-01-24
CVE-2025-14947 All-in-One Video Gallery <= 4.6.4 - Missing Authorization to Unauthenticated Bunny Stream Video Creation/Deletion — All-in-One Video GalleryCWE-862 6.5 Medium2026-01-23
CVE-2025-12957 All-in-One Video Gallery <= 4.5.7 - Authenticated (Author+) Arbitrary File Upload via VTT Upload Bypass — All-in-One Video GalleryCWE-434 8.8 High2026-01-16
CVE-2025-12966 All-in-One Video Gallery 4.5.4 - 4.5.7 – Authenticated (Author+) Arbitrary File Upload via Import ZIP — All-in-One Video GalleryCWE-434 8.8 High2025-12-06
CVE-2024-6629 All-in-One Video Gallery <= 3.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Shortcode — All-in-One Video GalleryCWE-79 6.4 Medium2024-07-24
CVE-2024-4670 All-in-One Video Gallery <= 3.6.5 - Authenticated (Contributor+) Local File Inclusion via aiovg_search_form Shortcode — All-in-One Video GalleryCWE-98 8.8 High2024-05-15
CVE-2024-4033 All-in-One Video Gallery <= 3.6.4 - Authenticated (Contributor+) Arbitrary File Upload via featured image — All-in-One Video GalleryCWE-434 8.8 High2024-05-02
CVE-2022-2633 WordPress plugin All-in-One Video Gallery 安全漏洞 — All-in-One Video Gallery 7.5 High2022-09-06

This page lists every published CVE security advisory associated with plugins360. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.