2 matches found
CVE-2026-10095
CVE-2026-10095 affects the WP Photo Album Plus plugin for WordPress. The flaw is a Stored Cross-Site Scripting (XSS) via the subtext parameter in all versions up to and including 9.1.13.005, caused by insufficient input sanitization and output escaping. An authenticated attacker with contributor-...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the use of the data-subtext attribute, in cases where that content originates from a user-controlled input. PoC by Snyk Research js HTML a javascript alert JS: $'.selectpicker'.selectpicker; Details Cross-si...