Cross-site Scripting Vulnerability in bPlugins Video Gallery Block
CVE-2025-27326

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Video Gallery Block – Display Your Videos As A Gallery In A Professional Way
Vendor: CVE Published:; 4 July 2025

What is CVE-2025-27326?

The bPlugins Video Gallery Block plugin has a vulnerability that allows for Cross-site Scripting (XSS) through improper input handling during web page generation. This security flaw can enable attackers to inject malicious scripts, potentially compromising user data and leading to unauthorized actions. The vulnerability impacts versions up to 1.1.0, stressing the need for timely updates and robust security practices to protect web applications.

Affected Version(s)

Video Gallery Block – Display your videos as a gallery in a professional way <= 1.1.0

References

https://patchstack.com/database/wordpress/plugin/video-ga...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 4, 2025
Vulnerability Reserved
Feb 21, 2025

Credit

Prissy (Patchstack Alliance)