Support » Plugin: All Video Gallery Plugin for WordPress » Vulnerable and lacking

  • This plugin has a vulnerability. Someone was able to access my admin account and change the password using the following which goes on much longer than shown with a whole bunch of numbers at the end.

    wp-content/plugins/all-video-gallery/config.php?vid=7&pid=1 union select 1,2,3,4,group_concat(user_login,0x3a,user_pass),

    It is also lacking in a basic function to create playlists from the videos.

    There is also an error creating the Youtube thumbnail so the thumbnail is blank

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘Vulnerable and lacking’ is closed to new replies.