Vulnerabilities and security researches forwp-photo-album-plus wp-photo-album-plus

Direction: descending

Jun 25, 2026

WP Photo Album Plus # CVE-2026-54829

CVE, Research URL: CVE-2026-54829
Home page URL: Security reports for WP Photo Album Plus
Application: WP Photo Album Plus
Date: -
Research Description: WP Photo Album Plus [wp-photo-album-plus] < 9.2.01.001 CVE-2026-54829
Affected versions: max 9.2.01.001.
Status: vulnerable

Jun 16, 2026

WP Photo Album Plus # db114a6cc3ed913fafaf0fec6606e454374e54fd

CVE, Research URL: db114a6cc3ed913fafaf0fec6606e454374e54fd
Home page URL: Security reports for WP Photo Album Plus
Application: WP Photo Album Plus
Date: May 15, 2015
Research Description: WP Photo Album Plus [wp-photo-album-plus] < 4.8.12 WordPress WP Photo Album Plus Plugin <= 4.8.11 - XSS This plugin is prone to wp-photo-album-plus.php wppa-searchstring cross site scripting vulnerability Update the plugin.
Affected versions: max 4.8.12.
Status: vulnerable

WP Photo Album Plus # 60a217d11704d0619509744d04379bd49df588d9

CVE, Research URL: 60a217d11704d0619509744d04379bd49df588d9
Home page URL: Security reports for WP Photo Album Plus
Application: WP Photo Album Plus
Date: Jun 19, 2016
Research Description: WP Photo Album Plus [wp-photo-album-plus] < 5.4.5 WordPress WP Photo Album Plus Plugin <= 5.4.4 - Cross Site Scripting This plugin is prone to a cross site scripting vulnerability. Update the plugin.
Affected versions: max 5.4.5.
Status: vulnerable

WP Photo Album Plus # 3754cfbd13b78cc3dbdae21bc2f7b8e0a2e85c61

CVE, Research URL: 3754cfbd13b78cc3dbdae21bc2f7b8e0a2e85c61
Home page URL: Security reports for WP Photo Album Plus
Application: WP Photo Album Plus
Date: May 15, 2015
Research Description: WP Photo Album Plus [wp-photo-album-plus] < 5.0.11 WordPress WP Photo Album Plus Plugin <= 5.0.10 - XSS This plugin is prone to wp-admin/admin.php edit_id parameter cross site scripting vulnerability. Update the plugin.
Affected versions: max 5.0.11.
Status: vulnerable

WP Photo Album Plus # 11a6e9ded1432ac3927c200d193aebb845d109b9

CVE, Research URL: 11a6e9ded1432ac3927c200d193aebb845d109b9
Home page URL: Security reports for WP Photo Album Plus
Application: WP Photo Album Plus
Date: May 15, 2015
Research Description: WP Photo Album Plus [wp-photo-album-plus] < 5.4.18 WordPress WP Photo Album Plus Plugin <= 5.4.17 Reflected XSS Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Update the plugin.
Affected versions: max 5.4.18.
Status: vulnerable

WP Photo Album Plus # 822f2c3b-2b5b-40a8-b18b-47de228caf30

CVE, Research URL: 822f2c3b-2b5b-40a8-b18b-47de228caf30
Home page URL: Security reports for WP Photo Album Plus
Application: WP Photo Album Plus
Date: -
Research Description: WP Photo Album Plus [wp-photo-album-plus] < 4.9.1 WP Photo Album Plus - Full Path Disclosure The WP Photo Album Plus WordPress plugin was affected by a Full Path Disclosure security vulnerability.
Affected versions: max 4.9.1.
Status: vulnerable

WP Photo Album Plus # eb2ff4cf218ffe6232da4e38aebd77844497d7a4

CVE, Research URL: eb2ff4cf218ffe6232da4e38aebd77844497d7a4
Home page URL: Security reports for WP Photo Album Plus
Application: WP Photo Album Plus
Date: May 15, 2015
Research Description: WP Photo Album Plus [wp-photo-album-plus] < 4.9.3 WordPress WP Photo Album Plus Plugin <= 4.9.2 - XSS This plugin is prone to index.php wppa-tag parameter cross site scripting vulnerability. Update the plugin.
Affected versions: max 4.9.3.
Status: vulnerable

WP Photo Album Plus # 7aa775aed713ae615ab608d4d7cabe33df0e3a3a

CVE, Research URL: 7aa775aed713ae615ab608d4d7cabe33df0e3a3a
Home page URL: Security reports for WP Photo Album Plus
Application: WP Photo Album Plus
Date: May 15, 2015
Research Description: WP Photo Album Plus [wp-photo-album-plus] < 5.4.9 WordPress WP Photo Album Plus Plugin <= 5.4.8 - Stored XSS This plugin is prone to a stored cross site scripting vulnerability. Update the plugin.
Affected versions: max 5.4.9.
Status: vulnerable

WP Photo Album Plus # 0870d4ecb90d9a5be79d1a28205fbf2762e7e054

CVE, Research URL: 0870d4ecb90d9a5be79d1a28205fbf2762e7e054
Home page URL: Security reports for WP Photo Album Plus
Application: WP Photo Album Plus
Date: Oct 15, 2011
Research Description: WP Photo Album Plus [wp-photo-album-plus] < 4.1.2 WordPress Photo Album Plus Plugin <= 4.1.1 - SQL Injection WPPhoto Album Plus plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, alter queries to the application SQL database, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Update the plugin.
Affected versions: max 4.1.2.
Status: vulnerable

WP Photo Album Plus # cc03812f-c60e-4c83-a8f5-e4567a96d65c

CVE, Research URL: cc03812f-c60e-4c83-a8f5-e4567a96d65c
Home page URL: Security reports for WP Photo Album Plus
Application: WP Photo Album Plus
Date: -
Research Description: WP Photo Album Plus [wp-photo-album-plus] < 5.4.8 WP Photo Album Plus 5.4.5 - 5.4.8 Stored XSS The WP Photo Album Plus WordPress plugin was affected by a 5.4.8 Stored XSS security vulnerability.
Affected versions: max 5.4.8.
Status: vulnerable

WP Photo Album Plus # ca9da69344d5721ca2a97f6eaeb76a0e8c6fddfe

CVE, Research URL: ca9da69344d5721ca2a97f6eaeb76a0e8c6fddfe
Home page URL: Security reports for WP Photo Album Plus
Application: WP Photo Album Plus
Date: Oct 18, 2015
Research Description: WP Photo Album Plus [wp-photo-album-plus] < 4.9.1 WordPress WP Photo Album Plus Plugin <= 4.9.0 - Full Path Disclosure This plugin is prone to a full path disclosure vulnerability. Update the plugin.
Affected versions: max 4.9.1.
Status: vulnerable

WP Photo Album Plus # 63232980-9bb5-48fa-b9ce-1076dd52c6d5

CVE, Research URL: 63232980-9bb5-48fa-b9ce-1076dd52c6d5
Home page URL: Security reports for WP Photo Album Plus
Application: WP Photo Album Plus
Date: -
Research Description: WP Photo Album Plus [wp-photo-album-plus] < 5.0.11 WP Photo Album Plus - wp-admin/admin.php edit_id Parameter XSS The WP Photo Album Plus WordPress plugin was affected by a wp-admin/admin.php edit_id Parameter XSS security vulnerability.
Affected versions: max 5.0.11.
Status: vulnerable

WP Photo Album Plus # 3072681f-7aa6-45ef-91c2-02cb981dff54

CVE, Research URL: 3072681f-7aa6-45ef-91c2-02cb981dff54
Home page URL: Security reports for WP Photo Album Plus
Application: WP Photo Album Plus
Date: -
Research Description: WP Photo Album Plus [wp-photo-album-plus] < 5.4.5 WP Photo Album Plus 5.4.4 & 5.4.3 Cross-Site Scripting (XSS) The WP Photo Album Plus WordPress plugin was affected by security vulnerability.
Affected versions: max 5.4.5.
Status: vulnerable

WP Photo Album Plus # 1693cffd-e578-4091-84bf-cb151281ca8e

CVE, Research URL: 1693cffd-e578-4091-84bf-cb151281ca8e
Home page URL: Security reports for WP Photo Album Plus
Application: WP Photo Album Plus
Date: -
Research Description: WP Photo Album Plus [wp-photo-album-plus] < 4.2.0 WP Photo Album Plus <= 4.1.1 - SQL Injection The WP Photo Album Plus WordPress plugin was affected by a SQL Injection security vulnerability.
Affected versions: max 4.2.0.
Status: vulnerable

WP Photo Album Plus # cf2ec17f-cc0f-4918-9614-ab3bcfa8cf58

CVE, Research URL: cf2ec17f-cc0f-4918-9614-ab3bcfa8cf58
Home page URL: Security reports for WP Photo Album Plus
Application: WP Photo Album Plus
Date: -
Research Description: WP Photo Album Plus [wp-photo-album-plus] < 4.8.12 WP Photo Album Plus < 4.8.12 - wp-photo-album-plus.php wppa-searchstring XSS The WP Photo Album Plus WordPress plugin was affected by a wp-photo-album-plus.php wppa-searchstring XSS security vulnerability.
Affected versions: max 4.8.12.
Status: vulnerable

WP Photo Album Plus # f7b99fd4f8e9b751948a0b385e19119256d8ce92

CVE, Research URL: f7b99fd4f8e9b751948a0b385e19119256d8ce92
Home page URL: Security reports for WP Photo Album Plus
Application: WP Photo Album Plus
Date: Sep 17, 2014
Research Description: WP Photo Album Plus [wp-photo-album-plus] >= 5.4.5 - <= 5.4.8 WP Photo Album Plus <= 5.4.7 - Stored Cross-Site Scripting The WP Photo Album Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'zip' parameter in versions up to, and including, 5.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min 5.4.5, max 5.4.8.
Status: vulnerable

WP Photo Album Plus # 76534e35-3b2c-493a-b589-4ce98b8ca553

CVE, Research URL: 76534e35-3b2c-493a-b589-4ce98b8ca553
Home page URL: Security reports for WP Photo Album Plus
Application: WP Photo Album Plus
Date: -
Research Description: WP Photo Album Plus [wp-photo-album-plus] < 4.9.3 WP Photo Album Plus - index.php wppa-tag Parameter XSS The WP Photo Album Plus WordPress plugin was affected by an index.php wppa-tag Parameter XSS security vulnerability.
Affected versions: max 4.9.3.
Status: vulnerable

May 20, 2026

WP Photo Album Plus # CVE-2026-6379

CVE, Research URL: CVE-2026-6379
Home page URL: Security reports for WP Photo Album Plus
Application: WP Photo Album Plus
Date: May 18, 2026
Research Description: The WP Photo Album Plus WordPress plugin before 9.1.11.001 does not properly sanitize and escape a parameter before using it in a SQL query, allowing unauthenticated users to perform SQL injection attacks.
Affected versions: max 9.1.11.001.
Status: vulnerable

Apr 24, 2026

WP Photo Album Plus # CVE-2026-39511

CVE, Research URL: CVE-2026-39511
Home page URL: Security reports for WP Photo Album Plus
Application: WP Photo Album Plus
Date: Jun 16, 2026
Research Description: Unauthenticated SQL Injection in WP Photo Album Plus <= 9.1.08.001 versions.
Affected versions: max 9.1.08.002.
Status: vulnerable

Jan 11, 2026

WP Photo Album Plus # CVE-2025-14835

CVE, Research URL: CVE-2025-14835
Home page URL: Security reports for WP Photo Album Plus
Application: WP Photo Album Plus
Date: Jan 07, 2026
Research Description: The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘shortcode’ parameter in all versions up to, and including, 9.1.05.008 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions: max 9.1.05.009.
Status: vulnerable

Nov 10, 2025

WP Photo Album Plus # CVE-2025-8726

CVE, Research URL: CVE-2025-8726
Home page URL: Security reports for WP Photo Album Plus
Application: WP Photo Album Plus
Date: Oct 04, 2025
Research Description: The WP Photo Album Plus plugin for WordPress is vulnerable to Cross-Site Scripting in all versions up to, and including, 9.0.11.006 due to insufficient input sanitization and output escaping in the wppa_user_upload function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in the photo album descriptions that execute in a victim's browser.
Affected versions: max 9.0.11.007.
Status: vulnerable

Nov 10, 2024

WP Photo Album Plus # CVE-2024-10958

CVE, Research URL: CVE-2024-10958
Home page URL: Security reports for WP Photo Album Plus
Application: WP Photo Album Plus
Date: Nov 10, 2024
Research Description: The The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via getshortcodedrenderedfenodelay AJAX action in all versions up to, and including, 8.8.08.007 . This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Affected versions: max 8.9.01.001.
Status: vulnerable

Oct 18, 2024

WP Photo Album Plus # CVE-2024-9951

CVE, Research URL: CVE-2024-9951
Home page URL: Security reports for WP Photo Album Plus
Application: WP Photo Album Plus
Date: Oct 17, 2024
Research Description: The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wppa-tab' parameter in all versions up to, and including, 8.8.05.003 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions: max 8.8.07.004.
Status: vulnerable

Jul 15, 2024

WP Photo Album Plus # CVE-2024-38713

CVE, Research URL: CVE-2024-38713
Home page URL: Security reports for WP Photo Album Plus
Application: WP Photo Album Plus
Date: Jul 20, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Stored XSS.This issue affects WP Photo Album Plus: from n/a through 8.8.02.002.
Affected versions: max 8.8.02.003.
Status: vulnerable

Jul 02, 2024

WP Photo Album Plus # CVE-2024-37416

CVE, Research URL: CVE-2024-37416
Home page URL: Security reports for WP Photo Album Plus
Application: WP Photo Album Plus
Date: Jul 22, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Reflected XSS.This issue affects WP Photo Album Plus: from n/a through 8.8.00.002.
Affected versions: max 8.8.00.003.
Status: vulnerable

Jun 10, 2024

WP Photo Album Plus # CVE-2008-0939

CVE, Research URL: CVE-2008-0939
Home page URL: Security reports for WP Photo Album Plus
Application: WP Photo Album Plus
Date: -
Research Description: Multiple SQL injection vulnerabilities in wppa.php in the WP Photo Album (WPPA) before 1.1 plugin for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the photo parameter to index.php, used by the wppa_photo_name function; or (2) the album parameter to index.php, used by the wppa_album_name function. NOTE: some of these details are obtained from third party information.
Affected versions: max 1.0.
Status: vulnerable

WP Photo Album Plus # CVE-2014-8814

CVE, Research URL: CVE-2014-8814
Home page URL: Security reports for WP Photo Album Plus
Application: WP Photo Album Plus
Date: -
Research Description: The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘walbum’ parameter in versions up to, and including, 5.4.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions: max 5.4.17.
Status: vulnerable

Jun 07, 2024

WP Photo Album Plus # CVE-2013-3254

CVE, Research URL: CVE-2013-3254
Home page URL: Security reports for WP Photo Album Plus
Application: WP Photo Album Plus
Date: May 10, 2013
Research Description: Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the WP Photo Album Plus plugin before 5.0.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the commentid parameter in a wppa_manage_comments edit action.
Affected versions: Min 5.4.5, max 5.0.3.
Status: vulnerable

WP Photo Album Plus # CVE-2021-25115

CVE, Research URL: CVE-2021-25115
Home page URL: Security reports for WP Photo Album Plus
Application: WP Photo Album Plus
Date: Feb 14, 2022
Research Description: The WP Photo Album Plus WordPress plugin before 8.0.10 was vulnerable to Stored Cross-Site Scripting (XSS). Error log content was handled improperly, therefore any user, even unauthenticated, could cause arbitrary javascript to be executed in the admin panel.
Affected versions: max 8.0.10.
Status: vulnerable

WP Photo Album Plus # CVE-2015-3647

CVE, Research URL: CVE-2015-3647
Home page URL: Security reports for WP Photo Album Plus
Application: WP Photo Album Plus
Date: May 22, 2015
Research Description: Multiple cross-site scripting (XSS) vulnerabilities in wppa-ajax-front.php in the WP Photo Album Plus (aka WPPA) plugin before 6.1.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) comemail or (2) comname parameter in a wppa do-comment action.
Affected versions: max 6.1.3.
Status: vulnerable

WP Photo Album Plus # CVE-2023-49813

CVE, Research URL: CVE-2023-49813
Home page URL: Security reports for WP Photo Album Plus
Application: WP Photo Album Plus
Date: Dec 14, 2023
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Stored XSS.This issue affects WP Photo Album Plus: from n/a through 8.5.02.005.
Affected versions: max 8.6.01.005.
Status: vulnerable

WP Photo Album Plus # CVE-2023-49774

CVE, Research URL: CVE-2023-49774
Home page URL: Security reports for WP Photo Album Plus
Application: WP Photo Album Plus
Date: Jun 04, 2024
Research Description: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Photo Album Plus: from n/a through 8.5.02.005.
Affected versions: max 8.6.01.005.
Status: vulnerable

WP Photo Album Plus # CVE-2024-4037

CVE, Research URL: CVE-2024-4037
Home page URL: Security reports for WP Photo Album Plus
Application: WP Photo Album Plus
Date: May 24, 2024
Research Description: The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.7.02.003. This is due to the plugin allowing unauthenticated users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Affected versions: max 8.7.00.004.
Status: vulnerable

WP Photo Album Plus # CVE-2024-31286

CVE, Research URL: CVE-2024-31286
Home page URL: Security reports for WP Photo Album Plus
Application: WP Photo Album Plus
Date: Apr 07, 2024
Research Description: Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a before 8.6.03.005.
Affected versions: max 8.6.03.005.
Status: vulnerable

WP Photo Album Plus # CVE-2024-31377

CVE, Research URL: CVE-2024-31377
Home page URL: Security reports for WP Photo Album Plus
Application: WP Photo Album Plus
Date: May 14, 2024
Research Description: Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a through 8.7.01.001.
Affected versions: max 8.7.01.002.
Status: vulnerable

WP Photo Album Plus # CVE-2023-49812

CVE, Research URL: CVE-2023-49812
Home page URL: Security reports for WP Photo Album Plus
Application: WP Photo Album Plus
Date: Dec 20, 2023
Research Description: Authorization Bypass Through User-Controlled Key vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a through 8.5.02.005.
Affected versions: max 8.6.01.005.
Status: vulnerable