CVE-2022-0826: 
WordPress vulnerability analysis and mitigation

CVE-2022-0826 affects the WP Video Gallery WordPress plugin through version 1.7.1. The vulnerability was discovered and publicly disclosed on April 13, 2022. The issue exists in the plugin's AJAX functionality where it fails to properly sanitize and escape parameters before using them in SQL statements (WPScan).

The vulnerability is classified as an SQL Injection (SQLI) with a CVSS score of 8.6 (High). It falls under the OWASP Top 10 category A1: Injection and is mapped to CWE-89. The vulnerability exists in the AJAX action 'wpvideogalleryajaxaddsingleyoutube' where user input is not properly sanitized before being used in SQL queries (WPScan).

This vulnerability allows unauthenticated users to perform SQL injection attacks against the affected WordPress installations. The high CVSS score of 8.6 indicates that successful exploitation could lead to significant security impacts, including potential database compromise and unauthorized data access (WPScan).

As of the last update, there is no known fix available for this vulnerability in the WP Video Gallery plugin. Website administrators running affected versions should consider removing or disabling the plugin until a security patch is released (WPScan).