Lucene search
K
WppaWp Photo Album Plus

6 matches found

CVE
CVE
added 2022/02/14 9:20 a.m.90 views

CVE-2021-25115

The CVE-2021-25115 entry concerns the WordPress plugin WP Photo Album Plus. Affected versions (prior to 8.0.10) are vulnerable to Stored Cross-Site Scripting (XSS) due to improper handling of error log content, permitting arbitrary JavaScript execution in the admin panel by any user, including un...

6.4CVSS6AI score0.00683EPSS
Web
CVE
CVE
added 2023/12/14 3:51 p.m.82 views

CVE-2023-49813

CVE-2023-49813 affects WP Photo Album Plus (WordPress) with Stored XSS due to improper input handling. Vulnerable versions: through 8.5.02.005; fix available in 8.6.01.005. Remediation: update to 8.6.01.005 or apply vendor patch.

7.1CVSS7.1AI score0.00396EPSS
CVE
CVE
added 2023/12/19 8:55 p.m.78 views

CVE-2023-49812

CVE-2023-49812 affects WP Photo Album Plus plugins (WordPress) up to version 8.5.02.005 and is an Insecure Direct Object Reference (IDOR) vulnerability caused by missing validation on a user-controlled key. It allows unauthenticated access to unauthorized actions, as detailed by Patchstack/NVD/NV...

7.5CVSS7.8AI score0.00533EPSS
CVE
CVE
added 2024/11/10 12:30 p.m.73 views

CVE-2024-10958

CVE-2024-10958 affects the WP Photo Album Plus WordPress plugin. The Red Hat and Wordfence sources confirm an unauthenticated arbitrary shortcode execution vulnerability via the getshortcodedrenderedfenodelay AJAX action in versions up to 8.8.08.007. The underlying issue is a lack of proper valid...

7.3CVSS7.3AI score0.01577EPSS
Web
CVE
CVE
added 2024/05/24 8:30 a.m.56 views

CVE-2024-4037

CVE-2024-4037 affects the WordPress plugin WP Photo Album Plus (all versions up to 8.7.02.003). The issue is an unauthenticated shortcode-execution flaw where an action does not properly validate a value before running do_shortcode, enabling unauthenticated attackers to execute arbitrary shortcod...

7.3CVSS7AI score0.00478EPSS
CVE
CVE
added 2024/07/22 8:31 a.m.50 views

CVE-2024-37416

CVE-2024-37416 is an XSS vulnerability (Reflected XSS) in WordPress WP Photo Album Plus, caused by Improper Neutralization of Input During Web Page Generation. Affected: WP Photo Album Plus up to version 8.8.00.002. The provided connected sources confirm the issue and describe the vulnerability c...

7.1CVSS7AI score0.00332EPSS