All-in-One Video Gallery 4.5.4 – 4.5.7 – Authenticated (Author+) Arbitrary File Upload via Import ZIP | CVE 2025-12966 | Plugin Vulnerabilities

Description

The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the resolve_import_directory() function in versions 4.5.4 to 4.5.7. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Affects Plugins

all-in-one-video-gallery

Fixed in 4.6.4

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/0b03bca1-84e3-4220-b39b-69044c42e9f9

Miscellaneous

Original Researcher

kr0d

Verified

No

WPVDB ID

435089f1-79e3-44be-bf0c-2b671c009fa4

Timeline

Publicly Published

2025-12-05 (about 5 months ago)

Added

2025-12-05 (about 5 months ago)

Last Updated

2025-12-06 (about 5 months ago)

Other

Published

Title

Published

2024-11-08

Title

Computer Repair Shop < 3.8116 - Unauthenticated Arbitrary File Upload

Published

2024-12-06

Title

Import Export For WooCommerce <= 1.6.2 - Subscriber+ Arbitrary File Upload

Published

2025-08-27

Title

Pin WP < 7.2 - Authenticated (Subscriber+) Arbitrary File Upload

Published

2016-09-19

Title

Front end file upload and manager Plugin < 4.0 - Arbitrary File Upload

Published

2014-08-01

Title

Annonces 1.2.0.1 - admin/theme.php File Upload PHP Code Execution