cbcvebase.

Wppa Wp Photo Album Plus vulnerabilities

6 known vulnerabilities affecting wppa/wp_photo_album_plus.

Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2024-10958P3HIGHCVSS 7.3fixed in 8.9.01.0012024-11-10
CVE-2024-10958 [HIGH] CWE-94 CVE-2024-10958: The The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via The The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via getshortcodedrenderedfenodelay AJAX action in all versions up to, and including, 8.8.08.007 . This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for u
nvd
CVE-2024-4037P3HIGHCVSS 7.3fixed in 8.7.00.0042024-05-24
CVE-2024-4037 [HIGH] CWE-94 CVE-2024-4037: The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution in all v The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.7.02.003. This is due to the plugin allowing unauthenticated users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arb
nvd
CVE-2023-49812P3HIGHCVSS 7.5≤ 8.5.02.0052023-12-19
CVE-2023-49812 [HIGH] CWE-639 CVE-2023-49812: Authorization Bypass Through User-Controlled Key vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP P Authorization Bypass Through User-Controlled Key vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a through 8.5.02.005.
nvd
CVE-2021-25115P4MEDIUMCVSS 6.4fixed in 8.0.10.0062022-02-14
CVE-2021-25115 [MEDIUM] CWE-79 CVE-2021-25115: The WP Photo Album Plus WordPress plugin before 8.0.10 was vulnerable to Stored Cross-Site Scripting The WP Photo Album Plus WordPress plugin before 8.0.10 was vulnerable to Stored Cross-Site Scripting (XSS). Error log content was handled improperly, therefore any user, even unauthenticated, could cause arbitrary javascript to be executed in the admin panel.
nvd
CVE-2023-49813P4MEDIUMCVSS 6.1≤ 8.5.02.0052023-12-14
CVE-2023-49813 [MEDIUM] CWE-79 CVE-2023-49813: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Stored XSS.This issue affects WP Photo Album Plus: from n/a through 8.5.02.005.
nvd
CVE-2024-37416P4MEDIUMCVSS 6.1fixed in 8.8.00.0032024-07-22
CVE-2024-37416 [MEDIUM] CWE-79 CVE-2024-37416: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Reflected XSS.This issue affects WP Photo Album Plus: from n/a through 8.8.00.002.
nvd
Wppa Wp Photo Album Plus vulnerabilities | cvebase