cleantalk
Vulnerabilities and Security Researches

All-in-One Video Gallery, CVE-2021-24970

CVE, Research URL

CVE-2021-24970

Home page URL

Security reports for All-in-One Video Gallery

Application

All-in-One Video Gallery

Published on
Dec 13, 2021
Research Description
The All-in-One Video Gallery WordPress plugin before 2.5.0 does not sanitise and validate the tab parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion issue
Affected versions
max 2.5.4.
Status
vulnerable
Previous vulnerability researches
All-in-One Video Gallery (CVE-2021-24970) , Jun 07, 2024
All-in-One Video Gallery (CVE-2022-2633) , Jun 07, 2024
All-in-One Video Gallery (CVE-2024-4670) , Jun 07, 2024
All-in-One Video Gallery (CVE-2024-31248) , Jun 07, 2024
All-in-One Video Gallery (CVE-2024-4033) , Jun 07, 2024
New vulnerability
GitHub Gist Shortcode Plugin (CVE-2025-12667) , Dec 12, 2025
Cryptocurrency Payment Gateway for WooCommerce (CVE-2025-12392) , Dec 12, 2025
Wbcom Designs – Private Community for BuddyPress (CVE-2025-67582) , Dec 12, 2025
WP-Walla (CVE-2025-12589) , Dec 12, 2025
Master Addons for Elementor (CVE-2025-63055) , Dec 12, 2025