CVE-2025-27326
BaseFortify
Publication date: 2025-07-04
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-27326 is a Cross Site Scripting (XSS) vulnerability in the WordPress plugin "Video Gallery Block β Display your videos as a gallery in a professional way" up to version 1.1.0. It allows an attacker with at least Contributor privileges to inject malicious scripts, such as redirects, advertisements, or other HTML payloads, into a website. These scripts execute when visitors access the site, potentially compromising the site's integrity and user experience. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to inject malicious scripts into your website, which can execute when visitors access your site. This can lead to unauthorized redirects, display of unwanted advertisements, or other harmful HTML payloads. Although the severity is considered low (CVSS score 6.5) and exploitation is unlikely to be widespread, compromised sites may suffer from reputation damage, user trust loss, and potential security breaches. There is currently no official patch, but virtual patching is available as a mitigation. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying if the affected WordPress plugin 'Video Gallery Block β Display your videos as a gallery in a professional way' version 1.1.0 or earlier is installed and if users with Contributor privileges can inject scripts. Since plugin-based malware scanners may be unreliable, professional incident response is recommended. No specific commands are provided for detection. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying virtual patching (vPatching) offered by Patchstack, which auto-mitigates the vulnerability even without an official fix. Users should also restrict Contributor privileges to trusted users only and seek professional incident response if compromise is suspected. No official patch or fixed version is currently available. [1]