Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Wp_photo_album_plus
(Wppa)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 3 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-12-19 | CVE-2023-49812 | Authorization Bypass Through User-Controlled Key vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a through 8.5.02.005. | Wp_photo_album_plus | 7.5 | ||
| 2024-07-22 | CVE-2024-37416 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Reflected XSS.This issue affects WP Photo Album Plus: from n/a through 8.8.00.002. | Wp_photo_album_plus | 6.1 | ||
| 2024-11-10 | CVE-2024-10958 | The The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via getshortcodedrenderedfenodelay AJAX action in all versions up to, and including, 8.8.08.007 . This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | Wp_photo_album_plus | 7.3 |