6 matches found
CVE-2021-25115
The CVE-2021-25115 entry concerns the WordPress plugin WP Photo Album Plus. Affected versions (prior to 8.0.10) are vulnerable to Stored Cross-Site Scripting (XSS) due to improper handling of error log content, permitting arbitrary JavaScript execution in the admin panel by any user, including un...
CVE-2023-49813
CVE-2023-49813 affects WP Photo Album Plus (WordPress) with Stored XSS due to improper input handling. Vulnerable versions: through 8.5.02.005; fix available in 8.6.01.005. Remediation: update to 8.6.01.005 or apply vendor patch.
CVE-2023-49812
CVE-2023-49812 affects WP Photo Album Plus plugins (WordPress) up to version 8.5.02.005 and is an Insecure Direct Object Reference (IDOR) vulnerability caused by missing validation on a user-controlled key. It allows unauthenticated access to unauthorized actions, as detailed by Patchstack/NVD/NV...
CVE-2024-10958
CVE-2024-10958 affects the WP Photo Album Plus WordPress plugin. The Red Hat and Wordfence sources confirm an unauthenticated arbitrary shortcode execution vulnerability via the getshortcodedrenderedfenodelay AJAX action in versions up to 8.8.08.007. The underlying issue is a lack of proper valid...
CVE-2024-4037
CVE-2024-4037 affects the WordPress plugin WP Photo Album Plus (all versions up to 8.7.02.003). The issue is an unauthenticated shortcode-execution flaw where an action does not properly validate a value before running do_shortcode, enabling unauthenticated attackers to execute arbitrary shortcod...
CVE-2024-37416
CVE-2024-37416 is an XSS vulnerability (Reflected XSS) in WordPress WP Photo Album Plus, caused by Improper Neutralization of Input During Web Page Generation. Affected: WP Photo Album Plus up to version 8.8.00.002. The provided connected sources confirm the issue and describe the vulnerability c...