CVE-2024-10958
- EPSS 56.07%
- Veröffentlicht 10.11.2024 13:15:03
- Zuletzt bearbeitet 14.11.2024 14:57:23
The The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via getshortcodedrenderedfenodelay AJAX action in all versions up to, and including, 8.8.08.007 . This is due to the software allowing users to execute an...
CVE-2024-37416
- EPSS 0.27%
- Veröffentlicht 22.07.2024 09:15:09
- Zuletzt bearbeitet 21.11.2024 09:23:48
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Reflected XSS.This issue affects WP Photo Album Plus: from n/a through 8.8.00.002.
CVE-2023-49774
- EPSS 0.33%
- Veröffentlicht 04.06.2024 12:15:09
- Zuletzt bearbeitet 21.11.2024 08:33:49
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Photo Album Plus: from n/a through 8.5...
CVE-2024-4037
- EPSS 0.7%
- Veröffentlicht 24.05.2024 09:15:08
- Zuletzt bearbeitet 04.04.2025 17:52:02
The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.7.02.003. This is due to the plugin allowing unauthenticated users to execute an action that does not properly validat...
CVE-2023-49812
- EPSS 0.11%
- Veröffentlicht 19.12.2023 21:15:09
- Zuletzt bearbeitet 21.11.2024 08:33:53
Authorization Bypass Through User-Controlled Key vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a through 8.5.02.005.