cleantalk
Vulnerabilities and Security Researches

WP Photo Album Plus, CVE-2013-3254

CVE, Research URL

CVE-2013-3254

Home page URL

Security reports for WP Photo Album Plus

Application

WP Photo Album Plus

Published on
May 10, 2013
Research Description
Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the WP Photo Album Plus plugin before 5.0.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the commentid parameter in a wppa_manage_comments edit action.
Affected versions
Min 5.4.5, max 4.2.0.
Status
vulnerable
Previous vulnerability researches
WP Photo Album Plus (CVE-2021-25115) , Jun 07, 2024
WP Photo Album Plus (CVE-2015-3647) , Jun 07, 2024
WP Photo Album Plus (CVE-2023-49813) , Jun 07, 2024
WP Photo Album Plus (CVE-2023-49774) , Jun 07, 2024
WP Photo Album Plus (CVE-2024-4037) , Jun 07, 2024
New vulnerability
Email Template Customizer for WooCommerce (CVE-2025-64200) , Nov 11, 2025
Premmerce Wholesale Pricing for WooCommerce (CVE-2025-64285) , Nov 11, 2025
Premmerce Wholesale Pricing for WooCommerce (CVE-2025-60192) , Nov 11, 2025
Footnotes Made Easy (CVE-2025-11733) , Nov 11, 2025
CoSchedule (CVE-2025-49913) , Nov 11, 2025