CVE-2024-10958
- EPSS 56.07%
- Published 10.11.2024 13:15:03
- Last modified 14.11.2024 14:57:23
The The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via getshortcodedrenderedfenodelay AJAX action in all versions up to, and including, 8.8.08.007 . This is due to the software allowing users to execute an...
CVE-2024-37416
- EPSS 0.27%
- Published 22.07.2024 09:15:09
- Last modified 21.11.2024 09:23:48
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Reflected XSS.This issue affects WP Photo Album Plus: from n/a through 8.8.00.002.
CVE-2023-49774
- EPSS 0.33%
- Published 04.06.2024 12:15:09
- Last modified 21.11.2024 08:33:49
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Photo Album Plus: from n/a through 8.5...
CVE-2024-4037
- EPSS 0.7%
- Published 24.05.2024 09:15:08
- Last modified 04.04.2025 17:52:02
The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.7.02.003. This is due to the plugin allowing unauthenticated users to execute an action that does not properly validat...
CVE-2023-49812
- EPSS 0.11%
- Published 19.12.2023 21:15:09
- Last modified 21.11.2024 08:33:53
Authorization Bypass Through User-Controlled Key vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a through 8.5.02.005.