Vulnerabilities and security research for wp-photo-album-plus
WP Photo Album Plus # CVE-2013-3254
- CVE
- Application
- Date
- Jun 07, 2024, 07:06:15
- Research Description
- Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the WP Photo Album Plus plugin before 5.0.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the commentid parameter in a wppa_manage_comments edit action.
- Status
- vulnerable, Medium
- Actual on
- Jul 05, 2024, 11:07:25
WP Photo Album Plus # CVE-2021-25115
- CVE
- Application
- Date
- Jun 07, 2024, 07:06:15
- Research Description
- The WP Photo Album Plus WordPress plugin before 8.0.10 was vulnerable to Stored Cross-Site Scripting (XSS). Error log content was handled improperly, so any user, even an unauthenticated one, could cause arbitrary JavaScript to be executed in the admin panel.
- Status
- vulnerable, Medium
- Actual on
- Jul 05, 2024, 11:07:25
WP Photo Album Plus # CVE-2015-3647
- CVE
- Application
- Date
- Jun 07, 2024, 07:06:15
- Research Description
- Multiple cross-site scripting (XSS) vulnerabilities in wppa-ajax-front.php in the WP Photo Album Plus (aka WPPA) plugin before 6.1.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) comemail or (2) comname parameter in a wppa do-comment action.
- Status
- vulnerable, Medium
- Actual on
- Jul 05, 2024, 11:07:25
WP Photo Album Plus # CVE-2023-49813
- CVE
- Application
- Date
- Jun 07, 2024, 07:06:15
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Stored XSS. This issue affects WP Photo Album Plus: from n/a through 8.5.02.005.
- Status
- vulnerable, Medium
- Actual on
- Jul 05, 2024, 11:07:25
WP Photo Album Plus # CVE-2023-49774
- CVE
- Application
- Date
- Jun 07, 2024, 07:06:15
- Research Description
- Exposure of Sensitive Information to an Unauthorized Actor vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP Photo Album Plus: from n/a through 8.5.02.005.
- Status
- vulnerable, Medium
- Actual on
- Jul 05, 2024, 11:07:25
WP Photo Album Plus # CVE-2024-4037
- CVE
- Application
- Date
- Jun 07, 2024, 07:06:15
- Research Description
- The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.7.02.003. This is due to the plugin allowing unauthenticated users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
- Status
- vulnerable, Medium
- Actual on
- Jul 05, 2024, 11:07:25
WP Photo Album Plus # CVE-2024-31286
- CVE
- Application
- Date
- Jun 07, 2024, 07:06:15
- Research Description
- Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus. This issue affects WP Photo Album Plus: from n/a before 8.6.03.005.
- Status
- vulnerable, VeryHigh
- Actual on
- Jul 05, 2024, 11:07:25
WP Photo Album Plus # CVE-2024-31377
- CVE
- Application
- Date
- Jun 07, 2024, 07:06:15
- Research Description
- Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus. This issue affects WP Photo Album Plus: from n/a through 8.7.01.001.
- Status
- vulnerable, VeryHigh
- Actual on
- Jul 05, 2024, 11:07:25
WP Photo Album Plus # CVE-2023-49812
- CVE
- Application
- Date
- Jun 07, 2024, 07:06:15
- Research Description
- Authorization Bypass Through User-Controlled Key vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus. This issue affects WP Photo Album Plus: from n/a through 8.5.02.005.
- Status
- vulnerable, High
- Actual on
- Jul 05, 2024, 11:07:25
WP Photo Album Plus # CVE-2014-8814
- CVE
- Application
- Date
- Jun 10, 2024, 12:06:27
- Research Description
- The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘walbum’ parameter in versions up to, and including, 5.4.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
- Status
- vulnerable, Medium
- Actual on
- Jul 05, 2024, 11:07:25
WP Photo Album Plus # CVE-2008-0939
- CVE
- Application
- Date
- Jun 10, 2024, 12:06:28
- Research Description
- Multiple SQL injection vulnerabilities in wppa.php in the WP Photo Album (WPPA) before 1.1 plugin for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the photo parameter to index.php, used by the wppa_photo_name function; or (2) the album parameter to index.php, used by the wppa_album_name function. NOTE: some of these details are obtained from third party information.
- Status
- vulnerable, VeryHigh
- Actual on
- Jul 05, 2024, 11:07:25
WP Photo Album Plus # CVE-2024-37416
- CVE
- Application
- Date
- Jul 02, 2024, 17:07:07
- Research Description
- WP Photo Album Plus [wp-photo-album-plus] < 8.8.00.003 CVE-2024-37416
- Status
- vulnerable, Unknown
- Actual on
- Jul 05, 2024, 11:07:25