WP Photo Album WordPress Plugin 1.5.1 Cross Site Scripting

Vulnerability ID: HTB22961 Reference: http://www.htbridge.ch/advisory/xssinwpphotoalbumwordpressplugin.html Product: WP Photo Album wordpress plugin Vendor: Rubin J. Kaplan http://me.mywebsight.ws/ Vulnerable Version: 1.5.1 Vendor Notification: 14 April 2011 Vulnerability Type: XSS Cross Site...

Sql injection

Multiple SQL injection vulnerabilities in wppa.php in the WP Photo Album WPPA before 1.1 plugin for WordPress allow remote attackers to execute arbitrary SQL commands via 1 the photo parameter to index.php, used by the wppaphotoname function; or 2 the album parameter to index.php, used by the...