Description
WordPress Plugin All-in-One Video Gallery is prone to multiple vulnerabilities, including arbitrary file download and server-side request forgery vulnerabilities. Exploiting these issues may allow an attacker to gain access to sensitive information, which may aid in launching further attacks, or to make the vulnerable server perform port scanning of hosts in internal or external networks; other attacks are also possible. WordPress Plugin All-in-One Video Gallery versions 2.5.8 - 2.6.0 are vulnerable.
Remediation
Update to plugin version 2.6.1 or latest
References
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2633
https://plugins.svn.wordpress.org/all-in-one-video-gallery/trunk/README.txt
Related Vulnerabilities
Python Integer Overflow or Wraparound Vulnerability (CVE-2022-37454)
WordPress Plugin Simple 301 Redirects by BetterLinks Unspecified Vulnerability (1.06)
WebLogic CVE-2016-0573 Vulnerability (CVE-2016-0573)
ownCloud Other Vulnerability (CVE-2014-2055)
PHP Use of Externally-Controlled Format String Vulnerability (CVE-2015-8617)