CVE-2014-9098

Name of the Vulnerable Software and Affected Versions Apptha WordPress Video Gallery (contus-video-gallery) plugin version 2.5

Description The issue allows remote authenticated users to inject arbitrary web script or HTML via the videoadssearchQuery parameter to API endpoints such as "/videoads/videoads.php", "/video/video.php", or "/playlist/playlist.php". This can lead to cross-site scripting (XSS) attacks.

Recommendations For Apptha WordPress Video Gallery (contus-video-gallery) plugin version 2.5, consider updating to a version released after 2014-07-23 to resolve the issue. As a temporary workaround, restrict access to the vulnerable API endpoints "/videoads/videoads.php", "/video/video.php", and "/playlist/playlist.php" to minimize the risk of exploitation. Avoid using the videoadssearchQuery parameter in these endpoints until the issue is resolved.