• Resolved WFRM IT Staff

    (@wfrmitstaff)


    Good morning,
    I ask you to check if possible, because this morning a vulnerability appeared on this plugin from WP Defender.

    CVSS Score: 7.6

    #WordPress Gallery Video plugin <= 2.1.0 – SQL Injection vulnerability
    -Vulnerability type: SQL Injection
    -No Update Available


Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author totalsoft

    (@totalsoft)

    Hello, dear wfrmitstaff.

    Thank you very much for your question.

    Thanks for using our video gallery plugin. Our team is always happy to help you.

    The problem is solved in version 2.1.1. Please update the plugins.

    We are always happy to hear from you and solve all problems. We will develop the plugin with you. For us, the most important thing is that the plugin should be used by the developers themselves.

    Thanks for the good suggestion.

    Have a good day!

    According to the threat report linked below, version 2.1.1 did NOT correct the vulnerability, nor did 2.1.2, 2.1.3 or 2.1.4. As of yesterday (11/7/23), the threat report indicates all updates through 2.1.4 failed to correct the vulnerability, and no effective patch has been released. The lack of transparency on the status of this plugin does not reflect well on the plugin author. Misinforming users about the safety of the plugin puts sites at risk, which is unacceptable.

    https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/gallery-videos/video-gallery-youtube-gallery-202-authenticated-administrator-sql-injection

  • The topic ‘WordPress Gallery Video plugin <= 2.1.0 – SQL Injection vulnerability’ is closed to new replies.