49 matches found
CVE-2026-57675
Unauthenticated Cross Site Scripting XSS in WP Photo Album Plus = 9.2.02.004 versions...
EUVD-2026-39392
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection. This issue affects WP Photo Album Plus: from n/a through 9.1.13.005...
CVE-2026-6379
WP Photo Album Plus plugin prior to 9.1.11.001 is vulnerable: wppa_get_photos() concatenates the wppa-supersearch parameter into SQL (owner, name, tag, calendar exifdtm/timestamp sinks) without proper quoting or $wpdb->prepare, enabling unauthenticated SQL injection. The patch in commit d2b0d0...
CVE-2023-49774
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Photo Album Plus: from n/a through 8.5.02.005...
EUVD-2015-3684
Malware in sbrugna...
EUVD-2013-3191
Malware in sbrugna...
EUVD-2021-12027
Malware in sbrugna...
CVE-2025-8726 WP Photo Album Plus <= 9.0.11.006 - Authenticated (Subscriber+) Stored Cross-Site Scripting via wppa_user_upload
The WP Photo Album Plus plugin for WordPress is vulnerable to Cross-Site Scripting in all versions up to, and including, 9.0.11.006 due to insufficient input sanitization and output escaping in the wppauserupload function. This makes it possible for authenticated attackers, with Subscriber-level...
EUVD-2023-53720
Malicious code in bioql PyPI...
EUVD-2024-37564
Malicious code in bioql PyPI...
EUVD-2024-29182
Malicious code in bioql PyPI...
EUVD-2024-32602
Malicious code in bioql PyPI...
EUVD-2024-29273
Malicious code in bioql PyPI...
EUVD-2024-36648
Malicious code in bioql PyPI...
EUVD-2023-53721
Malicious code in bioql PyPI...
EUVD-2023-53697
Malicious code in bioql PyPI...
CVE-2024-38713
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Stored XSS.This issue affects WP Photo Album Plus: from n/a through 8.8.02.002...
CVE-2023-49813
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Stored XSS.This issue affects WP Photo Album Plus: from n/a through 8.5.02.005...
CVE-2013-3254
Cross-site scripting XSS vulnerability in wp-admin/admin.php in the WP Photo Album Plus plugin before 5.0.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the commentid parameter in a wppamanagecomments edit action...
CVE-2024-10958
The The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via getshortcodedrenderedfenodelay AJAX action in all versions up to, and including, 8.8.08.007 . This is due to the software allowing users to execute an action that does not properly validate a value...