Cross-site Scripting Vulnerability in bPlugins Video Gallery Block
CVE-2025-27326

6.5MEDIUM

What is CVE-2025-27326?

The bPlugins Video Gallery Block plugin has a vulnerability that allows for Cross-site Scripting (XSS) through improper input handling during web page generation. This security flaw can enable attackers to inject malicious scripts, potentially compromising user data and leading to unauthorized actions. The vulnerability impacts versions up to 1.1.0, stressing the need for timely updates and robust security practices to protect web applications.

Affected Version(s)

Video Gallery Block – Display your videos as a gallery in a professional way <= 1.1.0

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Prissy (Patchstack Alliance)
.
CVE-2025-27326 : Cross-site Scripting Vulnerability in bPlugins Video Gallery Block