Vulnerability Details CVE-2021-24970
The All-in-One Video Gallery WordPress plugin before 2.5.0 does not sanitise and validate the tab parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion issue
Exploit prediction scoring system (EPSS) score
EPSS Score 0.197
EPSS Ranking 95.2%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 6.5
References
Products affected by CVE-2021-24970
-
cpe:2.3:a:plugins360:all-in-one_video_gallery:-
-
cpe:2.3:a:plugins360:all-in-one_video_gallery:2.4.0
-
cpe:2.3:a:plugins360:all-in-one_video_gallery:2.4.1
-
cpe:2.3:a:plugins360:all-in-one_video_gallery:2.4.2
-
cpe:2.3:a:plugins360:all-in-one_video_gallery:2.4.3
-
cpe:2.3:a:plugins360:all-in-one_video_gallery:2.4.4
-
cpe:2.3:a:plugins360:all-in-one_video_gallery:2.4.5
-
cpe:2.3:a:plugins360:all-in-one_video_gallery:2.4.6
-
cpe:2.3:a:plugins360:all-in-one_video_gallery:2.4.7
-
cpe:2.3:a:plugins360:all-in-one_video_gallery:2.4.8
-
cpe:2.3:a:plugins360:all-in-one_video_gallery:2.4.9