Filtered by vendor Wppa
Subscriptions
Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-37416 | 1 Wppa | 1 Wp Photo Album Plus | 2024-11-21 | 7.1 High |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Reflected XSS.This issue affects WP Photo Album Plus: from n/a through 8.8.00.002. | ||||
CVE-2023-49812 | 1 Wppa | 1 Wp Photo Album Plus | 2024-11-21 | 5.3 Medium |
Authorization Bypass Through User-Controlled Key vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a through 8.5.02.005. | ||||
CVE-2024-10958 | 2 Opajaap, Wppa | 2 Wp Photo Album Plus, Wp Photo Album Plus | 2024-11-14 | 7.3 High |
The The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via getshortcodedrenderedfenodelay AJAX action in all versions up to, and including, 8.8.08.007 . This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. |
Page 1 of 1.