WP Photo Album Plus

Information

Software Type Plugin
Software Slug wp-photo-album-plus (view on wordpress.org)
Software Status Active
Software Author opajaap
Software Website wppa.nl
Software Downloads 3,225,321
Software Active Installs 10,000
Software Record Last Updated December 9, 2024

16 Vulnerabilities

6.4
CVE ID Unknown
Sep 17, 2014
Researcher: Voxel@Night
Title Status CVE ID CVSS Researchers Date
WP Photo Album Plus <= 8.8.08.007 - Unauthenticated Arbitrary Shortcode Execution via getshortcodedrenderedfenodelay Patched CVE-2024-10958 7.3 Arkadiusz Hydzik November 10, 2024
Wordpress Photo Album Plus <= 8.8.05.003 - Reflected Cross-Site Scripting Patched CVE-2024-9951 6.1 Noah Stead (TurtleBurg) October 16, 2024
WP Photo Album Plus <= 8.8.02.002 - Authenticated (Subscriber+) Stored Cross-Site Scripting Patched CVE-2024-38713 6.4 stealthcopter July 11, 2024
WP Photo Album Plus <= 8.8.00.002 - Reflected Cross-Site Scripting Patched CVE-2024-37416 6.1 stealthcopter June 28, 2024
WP Photo Album Plus <= 8.7.02.003 - Unauthenticated Arbitrary Shortcode Execution Patched CVE-2024-4037 6.5 stealthcopter May 23, 2024
WP Photo Album Plus <= 8.7.01.001 - Unauthenticated Arbitrary File Upload Patched CVE-2024-31377 10.0 stealthcopter May 7, 2024
WP Photo Album Plus <= 8.6.03.004 - Authenticated (Subscriber+) Arbitrary File Upload Patched CVE-2024-31286 9.9 stealthcopter April 5, 2024
WP Photo Album Plus <= 8.5.02.005 - Cross-Site Scripting Patched CVE-2023-49813 6.1 Kyle Sanchez December 5, 2023
WP Photo Album Plus <= 8.5.02.005 - Insecure Direct Object Reference Patched CVE-2023-49812 5.3 Kyle Sanchez December 5, 2023
WP Photo Album Plus <= 8.5.02.005 - IP Spoofing Patched CVE-2023-49774 5.3 Brandon James Roldan (tomorrowisnew) December 5, 2023
WP Photo Album Plus <= 8.0.10 - Stored Cross-Site Scripting Patched CVE-2021-25115 7.2 Krzysztof Zając January 2, 2022
WP Photo Album Plus < 6.1.3 - Cross-Site Scripting Patched CVE-2015-3647 7.1 High-Tech Bridge Security Research Lab May 20, 2015
WP Photo Album Plus <= 5.4.17 - Reflected Cross-Site Scripting Patched CVE-2014-8814 6.1 Kacper Szurek November 6, 2014
WP Photo Album Plus <= 5.4.7 - Stored Cross-Site Scripting Patched 6.4 Voxel@Night September 17, 2014
WP Photo Album Plus < 5.0.3 - Cross-Site Scripting Patched CVE-2013-3254 6.1 Charlie Eriksen May 6, 2013
WP Photo Album Plus <= 1.1 - SQL Injection Patched CVE-2008-0939 9.8 S@BUN February 25, 2008

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation