CVE-2025-27326

Name of the Vulnerable Software and Affected Versions: bPlugins Video Gallery Block versions 1.1.0 and earlier

Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting (XSS). This enables attackers to inject malicious scripts into the application, potentially leading to unauthorized actions.

Recommendations: For bPlugins Video Gallery Block version 1.1.0 and earlier, consider disabling the video gallery functionality until a patch is available to prevent stored XSS attacks. Restrict access to the video gallery block to minimize the risk of exploitation. Avoid using user-inputted data in the video gallery block until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.