Cross-site Scripting Vulnerability in bPlugins Video Gallery Block
CVE-2025-27326
6.5MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 4 July 2025
What is CVE-2025-27326?
The bPlugins Video Gallery Block plugin has a vulnerability that allows for Cross-site Scripting (XSS) through improper input handling during web page generation. This security flaw can enable attackers to inject malicious scripts, potentially compromising user data and leading to unauthorized actions. The vulnerability impacts versions up to 1.1.0, stressing the need for timely updates and robust security practices to protect web applications.
Affected Version(s)
Video Gallery Block – Display your videos as a gallery in a professional way <= 1.1.0