GCVE - cpe:2.3:a:emarket-design:video_gallery_–_youtube_gallery_&_responsive_video

Approved changes feed: RSS · Atom

cpe:2.3:a:emarket-design:video_gallery_–_youtube_gallery_&_responsive_video_playlist:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Emarket Design (`8fb61feb-3a38-520b-9ec4-c08f2531594e`)
Product	Video Gallery – Youtube Gallery & Responsive Video Playlist (`423a8412-c25f-5d47-92bc-6ab7f64b5645`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-8420`	vulnerable	2026-06-03 15:13:43.573970	Multiple Plugins by emarket-design <= Multiple Versions - Unauthenticated Limited Remote Code Execution HIGH (8.1) Multiple plugins for WordPress by emarket-design with the 'emd-form-builder-lite' package are vulnerable to Remote Code Execution in various versions via the emd_form_builder_lite_pagenum function. This is due to the plugin not properly validating user input before using it as a function name. This makes it possible for unauthenticated attackers to execute code on the server, however, parameters can not be passed to the functions called Published: 2025-08-06T02:24:12.120Z Updated: 2026-04-08T16:56:28.904Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/601aa2b5-aeac-49bc-960d-4b4ff83e9229?source=cve https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3338854%40request-a-quote&new=3338854%40request-a-quote&sfp_email=&sfph_mail= https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3340992%40software-issue-manager&new=3340992%40software-issue-manager&sfp_email=&sfph_mail= https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3341064%40wp-ticket&new=3341064%40wp-ticket&sfp_email=&sfph_mail= https://plugins.trac.wordpress.org/changeset/3346435/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-3268`	vulnerable	2026-06-03 14:56:23.835125	YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress <= 3.3.6 - Missing Authorization to Arbitrary Post/Page Creation MEDIUM (5.3) The YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the emd_form_builder_lite_submit_form function in all versions up to, and including, 3.3.6. This makes it possible for unauthenticated attackers to create arbitrary posts or pages. Published: 2024-05-21T11:33:17.396Z Updated: 2026-04-08T16:35:31.722Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/0e9d5382-d37d-4a40-8f22-e32b8ee98859?source=cve https://plugins.trac.wordpress.org/changeset/3088363/youtube-showcase	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Video Gallery – Youtube Gallery & Responsive Video Playlist

PURL mappings

Vulnerability references

Contribute