
Suiteplugins Video Photo Gallery For Ultimate Member vulnerabilities

4 known vulnerabilities affecting suiteplugins/video_photo_gallery_for_ultimate_member.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 2

Vulnerabilities

CVE-2024-54370 | P2 | CRITICAL | CVSS 9.9 | ≤ 1.1.0 | 2024-12-16
CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member gallery-for-ultimate-member allows Upload a Web Shell to a Web Server. This issue affects Video & Photo Gallery for Ultimate Member: from n/a through <= 1.1.0.
Source: nvd
CVE-2025-32121 | P3 | HIGH | CVSS 7.6 | ≤ 1.1.3 | 2025-04-04
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member gallery-for-ultimate-member allows SQL Injection. This issue affects Video & Photo Gallery for Ultimate Member: from n/a through <= 1.1.3.
Source: nvd
CVE-2025-22672 | P4 | MEDIUM | CVSS 4.9 | ≤ 1.1.2 | 2025-03-27
CWE-918: Server-Side Request Forgery (SSRF) vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member gallery-for-ultimate-member allows Server Side Request Forgery. This issue affects Video & Photo Gallery for Ultimate Member: from n/a through <= 1.1.2.
Source: nvd
CVE-2024-12162 | P4 | MEDIUM | CVSS 6.1 | ≤ 1.1.1 | 2024-12-12
CWE-79: The Video & Photo Gallery for Ultimate Member plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute i
Source: nvd