CVE-2026-32524 WordPress Photo Engine plugin <= 6.4.9 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow Photo Engine wplr-sync allows Upload a Web Shell to a Web Server.This issue affects Photo Engine: from n/a through = 6.4.9...

CVE-2025-54672 WordPress Photo Engine Plugin plugin <= 6.4.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Jordy Meow Photo Engine wplr-sync allows Cross Site Request Forgery.This issue affects Photo Engine: from n/a through = 6.4.3...

WordPress Photo Engine Plugin <= 6.4.0 is vulnerable to Broken Access Control

Software Photo Engine Type Plugin Vulnerable versions = 6.4.0 Fixed in 6.4.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43332 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6c8a51b120f7 Credits Majed Refaea Required privilege...

WordPress Photo Engine Plugin <= 6.3.1 is vulnerable to Cross Site Scripting (XSS)

Software Photo Engine Type Plugin Vulnerable versions = 6.3.1 Fixed in 6.3.2 OWASP Top 10 A4: Insecure Design Classification Cross Site Scripting XSS CVE CVE-2024-39660 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID dc7264fd0c77 Credits Majed Refaea Required privilege...