WordPress Plugin Vulnerabilities

DZS Video Gallery - ajax.php source Parameter Reflected XSS

Description

The dzs-videogallery WordPress plugin was affected by an ajax.php source Parameter Reflected XSS security vulnerability.

Affects Plugins

Plugin icon
dzs-videogallery
Fixed in 9.64

References

URL
https://packetstormsecurity.com/files/#125179/

Classification

Type
RCE
OWASP top 10
A1: Injection
CWE
CWE-94

Miscellaneous

Verified
No
WPVDB ID
e05e9437-eee0-4d80-ab07-6325f2663d3e

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2020-07-06 (about 5 years ago)

Other

Published
Title
Published
2024-02-26
Title
Slivery Extender <= 1.0.2 - Authenticated(Contributor+) Remote Code Execution via shortcode
Published
2022-02-08
Title
PHP Everywhere < 3.0.0 - Contributor+ RCE via Gutenberg Block
Published
2025-04-15
Title
Sign-up Sheets < 2.3.1 - Unauthenticated Arbitrary Shortcode Execution
Published
2025-05-07
Title
NEX-Forms – Ultimate Form Builder – Contact forms and much more < 8.9.2 - Authenticated (Custom) Limited Code Execution via get_table_records Function
Published
2024-09-24
Title
Special Text Boxes < 6.2.5 - Unauthenticated Arbitrary Shortcode Execution