All-in-One Video Gallery
Moderate fix1 remedy
cpe:2.3:a:all_video_gallery_plugin_project:all-video-gallery:*:*:*:*:wordpress:*:*
Moderate fix1 remedy
- <= 4.5.7
All-in-One Video Gallery WordPress Plugin Arbitrary File Upload Vulnerability
Vulnerability
Patched
A vulnerability allowing arbitrary file upload has been identified in the All-in-One Video Gallery plugin for WordPress, affecting all versions through 4.5.7. The issue arises from inadequate validation of file types, particularly VTT files, which allows double extension files to evade proper sanitization while being recognized as valid VTT files. This flaw enables authenticated attackers with author-level access or higher to upload arbitrary files to the server, potentially leading to remote code execution.
Impact
Exploitation of this vulnerability could allow for arbitrary file uploads, with the potential for remote code execution, depending on the nature of the uploaded file.
Remediation
Users are advised to update the All-in-One Video Gallery plugin to version 4.6.4 or a newer patched version.
Added: Jan 16, 2026, 5:26 AM
Updated: Jan 16, 2026, 5:26 AM
Vulnerability Rating
Custom Algorithm
spread
5.2impact
10.0exploitability
5.7remediation
7.7relevance
2.1threat
3.2urgency
2.9incentive
0.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.