Lucene search
K

49 matches found

NVD
NVD
added last week5 views

CVE-2026-57675

Unauthenticated Cross Site Scripting XSS in WP Photo Album Plus = 9.2.02.004 versions...

7.1CVSS0.00191EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:25 p.m.3 views

EUVD-2026-39392

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection. This issue affects WP Photo Album Plus: from n/a through 9.1.13.005...

7.5CVSS5.9AI score0.00195EPSS
Exploits0References1
CVE
CVE
added 2026/05/18 6:0 a.m.26 views

CVE-2026-6379

WP Photo Album Plus plugin prior to 9.1.11.001 is vulnerable: wppa_get_photos() concatenates the wppa-supersearch parameter into SQL (owner, name, tag, calendar exifdtm/timestamp sinks) without proper quoting or $wpdb->prepare, enabling unauthenticated SQL injection. The patch in commit d2b0d0...

8.6CVSS5.9AI score0.00472EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:28 a.m.11 views

CVE-2023-49774

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Photo Album Plus: from n/a through 8.5.02.005...

5.3CVSS6.8AI score0.00311EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2015-3684

Malware in sbrugna...

4.3CVSS6.1AI score0.02424EPSS
Exploits3References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2013-3191

Malware in sbrugna...

4.3CVSS6.4AI score0.01601EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-12027

Malware in sbrugna...

6.4CVSS6.4AI score0.00683EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2025/10/04 2:24 a.m.4 views

CVE-2025-8726 WP Photo Album Plus <= 9.0.11.006 - Authenticated (Subscriber+) Stored Cross-Site Scripting via wppa_user_upload

The WP Photo Album Plus plugin for WordPress is vulnerable to Cross-Site Scripting in all versions up to, and including, 9.0.11.006 due to insufficient input sanitization and output escaping in the wppauserupload function. This makes it possible for authenticated attackers, with Subscriber-level...

5.4CVSS5.1AI score0.00196EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-53720

Malicious code in bioql PyPI...

7.5CVSS8.1AI score0.00533EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-37564

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00275EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-29182

Malicious code in bioql PyPI...

9.9CVSS8.8AI score0.00862EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-32602

Malicious code in bioql PyPI...

7.3CVSS6.5AI score0.00478EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-29273

Malicious code in bioql PyPI...

10CVSS6.4AI score0.00542EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-36648

Malicious code in bioql PyPI...

7.1CVSS6.6AI score0.00332EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-53721

Malicious code in bioql PyPI...

7.1CVSS7AI score0.00396EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-53697

Malicious code in bioql PyPI...

5.3CVSS9.1AI score0.00311EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:33 a.m.4 views

CVE-2024-38713

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Stored XSS.This issue affects WP Photo Album Plus: from n/a through 8.8.02.002...

6.5CVSS6.8AI score0.00275EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 5:5 a.m.7 views

CVE-2023-49813

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Stored XSS.This issue affects WP Photo Album Plus: from n/a through 8.5.02.005...

7.1CVSS7.1AI score0.00396EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:30 a.m.8 views

CVE-2013-3254

Cross-site scripting XSS vulnerability in wp-admin/admin.php in the WP Photo Album Plus plugin before 5.0.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the commentid parameter in a wppamanagecomments edit action...

4.3CVSS6AI score0.01601EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 5:14 a.m.16 views

CVE-2024-10958

The The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via getshortcodedrenderedfenodelay AJAX action in all versions up to, and including, 8.8.08.007 . This is due to the software allowing users to execute an action that does not properly validate a value...

7.3CVSS7.6AI score0.01577EPSS
Exploits1References1
Rows per page
Query Builder