WordPress.org

Forums

WORDPRESS VIDEO GALLERY
SQL Injection and XSS Vulnerabilities in the plugin v.2.5 (4 posts)

  1. vloo
    Member
    Posted 8 months ago #

    Hey, guys, you'd better keep in mind that this version (2.5) of the plugin has some serious vulnerabilities! You can get more info here:

    http://www.exploit-db.com/exploits/34161/

    https://wordpress.org/plugins/contus-video-gallery/

  2. hdflvplayer
    Member
    Plugin Author

    Posted 8 months ago #

    Hi,

    We appreciate your time in bringing this to our notice. We have already found the issue and updated the package. Kindly download the updated package from the following link http://wordpress.org/plugins/contus-video-gallery/ and check. If you are still facing any difficulties with this, feel free to contact us.

  3. vloo
    Member
    Posted 8 months ago #

    Hi, I can't really see a newer version of the plugin, so it's still on the current, vulnerable one. Furthermore, you are missing the changelog tab for the plugin, so lots of people will miss the really important info on what exactly is updated in the newer version and why it's a must to update it.

  4. arunprasath
    Apptha plugin contributor
    Posted 8 months ago #

    Hi,

    We have fixed the SQL issue on the same version and we have updated the change log as requested. So please go to http://wordpress.org/plugins/contus-video-gallery/changelog/ to find the updates. Also download the latest package to overcome the SQL issue.

    Thanks
    Arun
