Lucene search
K

5 matches found

NVD
NVD
added 2024/05/24 9:15 a.m.35 views

CVE-2024-4037

The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.7.02.003. This is due to the plugin allowing unauthenticated users to execute an action that does not properly validate a value before running doshortcode. This make...

7.3CVSS7.1AI score0.00478EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/05/24 8:30 a.m.22 views

CVE-2024-4037 WP Photo Album Plus <= 8.7.02.003 - Unauthenticated Arbitrary Shortcode Execution

The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.7.02.003. This is due to the plugin allowing unauthenticated users to execute an action that does not properly validate a value before running doshortcode. This make...

6.5CVSS7.6AI score0.00478EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/05/24 8:30 a.m.34 views

CVE-2024-4037 WP Photo Album Plus <= 8.7.02.003 - Unauthenticated Arbitrary Shortcode Execution

The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.7.02.003. This is due to the plugin allowing unauthenticated users to execute an action that does not properly validate a value before running doshortcode. This make...

6.5CVSS7.1AI score0.00478EPSS
Exploits0References4
CVE
CVE
added 2024/05/24 8:30 a.m.57 views

CVE-2024-4037

CVE-2024-4037 affects the WordPress plugin WP Photo Album Plus (all versions up to 8.7.02.003). The issue is an unauthenticated shortcode-execution flaw where an action does not properly validate a value before running do_shortcode, enabling unauthenticated attackers to execute arbitrary shortcod...

7.3CVSS7AI score0.00478EPSS
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2024/05/24 12:0 a.m.15 views

WordPress WP Photo Album Plus Plugin <= 8.7.00.003 is vulnerable to Content Injection

Software WP Photo Album Plus Type Plugin Vulnerable versions = 8.7.00.003 Fixed in 8.7.00.004 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2024-4037 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 2c20c334a973 Credits stealthcopter Required...

7.3CVSS6.8AI score0.00478EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder