Cross-site Scripting Vulnerability in Huzzaz Video Gallery Plugin
CVE-2025-62910

5.4MEDIUM

Key Information:

Vendor: WordPress
Status: Video Gallery By Huzzaz
Vendor: CVE Published:; 27 October 2025

What is CVE-2025-62910?

The Huzzaz Video Gallery plugin allows an attacker to exploit a Cross-site Scripting (XSS) vulnerability through improper neutralization of input during web page generation. This security flaw enables attackers to inject malicious scripts, potentially compromising user sessions and data integrity. Website administrators using the affected version of the Video Gallery by Huzzaz are encouraged to implement security measures and update to the latest version to mitigate risk.

Affected Version(s)

Video Gallery by Huzzaz <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/huzz...

vdb-entry

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 27, 2025
Vulnerability Reserved
Oct 24, 2025

Credit

Muhammad Yudha - DJ | Patchstack Bug Bounty Program

JSON