All-in-One Video Gallery

Vulnerabilities 16Slug all-in-one-video-galleryLatest version 4.7.5WordPress.org →

Minimum safe version

4.7.5

Update to 4.7.5 or later to address 16 fixable vulnerabilities

Latest available4.7.5 ✓

N/A

2026-03-03< 4.7.5

All-in-One Video Gallery <= 4.7.1 - Reflected Cross-Site Scripting via 'vi' Parameter

Wordfence CVE

Medium 6.5

2026-01-23< 4.7.1

CVE-2025-14947

CVE Wordfence

Medium 4.3

2026-01-24< 4.7.1

CVE-2025-15516

CVE EUVD Wordfence

High 8.8

2026-01-16< 4.6.4

CVE-2025-12957

CVE Wordfence

High 8.8

2025-12-06< 4.6.4

CVE-2025-12966

CVE EUVD Wordfence

Medium 6.3

2024-10-16< 2.5.4

Freemius SDK <= 2.4.2 - Missing Authorization Checks

CVE

Medium 5.4

2024-07-24< 3.8.3

CVE-2024-6629

CVE Patchstack Wordfence

High 8.8

2024-05-15< 3.7.0

CVE-2024-4670

CVE Patchstack Wordfence

High 8.8

2024-05-02< 3.6.5

CVE-2024-4033

CVE Wordfence Patchstack

High 8.8

2024-06-09< 3.6.0

CVE-2024-31248

CVE Wordfence Patchstack

N/A

2023-07-18< 3.4.3

WordPress All-in-One Video Gallery Plugin < 3.4.3 is vulnerable to Cross Site Scripting (XSS)

Patchstack WPScan CVE

N/A

2022-03-04< 2.5.4

Freemius SDK <= 2.4.2 - Missing Authorization Checks

Wordfence

High 8.2

2022-09-06< 2.6.1

CVE-2022-2633

CVE Patchstack Wordfence WPScan

N/A

2022-02-28< 2.5.4

WordPress All-in-One Video Gallery plugin < 2.5.4 - Sensitive Information Disclosure vulnerability

Patchstack

N/A

2022-02-28< 2.5.4

WordPress All-in-One Video Gallery plugin < 2.5.4 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Patchstack

High 7.2

2021-12-13< 2.5.4

CVE-2021-24970

CVE Patchstack Wordfence WPScan