Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/10/05 2:51 a.m.9 views

CVE-2025-8726

The WP Photo Album Plus plugin for WordPress is vulnerable to Cross-Site Scripting in all versions up to, and including, 9.0.11.006 due to insufficient input sanitization and output escaping in the wppauserupload function. This makes it possible for authenticated attackers, with Subscriber-level...

5.4CVSS5.4AI score0.00196EPSS
Exploits0References1
NVD
NVD
added 2025/10/04 3:15 a.m.6 views

CVE-2025-8726

The WP Photo Album Plus plugin for WordPress is vulnerable to Cross-Site Scripting in all versions up to, and including, 9.0.11.006 due to insufficient input sanitization and output escaping in the wppauserupload function. This makes it possible for authenticated attackers, with Subscriber-level...

5.4CVSS0.00196EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/10/04 2:24 a.m.8 views

CVE-2025-8726 WP Photo Album Plus <= 9.0.11.006 - Authenticated (Subscriber+) Stored Cross-Site Scripting via wppa_user_upload

The WP Photo Album Plus plugin for WordPress is vulnerable to Cross-Site Scripting in all versions up to, and including, 9.0.11.006 due to insufficient input sanitization and output escaping in the wppauserupload function. This makes it possible for authenticated attackers, with Subscriber-level...

5.4CVSS0.00196EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/04 2:24 a.m.3 views

CVE-2025-8726 WP Photo Album Plus <= 9.0.11.006 - Authenticated (Subscriber+) Stored Cross-Site Scripting via wppa_user_upload

The WP Photo Album Plus plugin for WordPress is vulnerable to Cross-Site Scripting in all versions up to, and including, 9.0.11.006 due to insufficient input sanitization and output escaping in the wppauserupload function. This makes it possible for authenticated attackers, with Subscriber-level...

5.4CVSS5.1AI score0.00196EPSS
Exploits0References3
Rows per page
Query Builder