🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

WP Photo Album Plus

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > WP Photo Album Plus

Information

Software Type	Plugin
Software Slug	wp-photo-album-plus (view on wordpress.org)
Software Status	Active
Software Author	opajaap
Software Website	wordpress.org
Software Downloads	3,137,034
Software Active Installs	10,000
Software Record Last Updated	May 3, 2024

10 Vulnerabilities

WP Photo Album Plus <= 8.6.03.004 - Authenticated (Subscriber+) Arbitrary File Upload

9.9

CVE-2024-31286

Apr 5, 2024

Researcher: stealthcopter

WP Photo Album Plus <= 8.5.02.005 - Cross-Site Scripting

6.1

CVE-2023-49813

Dec 5, 2023

Researcher: Kyle Sanchez

WP Photo Album Plus <= 8.5.02.005 - Insecure Direct Object Reference

5.3

CVE-2023-49812

Dec 5, 2023

Researcher: Kyle Sanchez

WP Photo Album Plus <= 8.5.02.005 - IP Spoofing

5.3

CVE-2023-49774

Dec 5, 2023

Researcher: Brandon James Roldan (tomorrowisnew)

WP Photo Album Plus <= 8.0.10 - Stored Cross-Site Scripting

7.2

CVE-2021-25115

Jan 2, 2022

Researcher: Krzysztof Zając

WP Photo Album Plus < 6.1.3 - Cross-Site Scripting

7.1

CVE-2015-3647

May 20, 2015

Researcher: High-Tech Bridge Security Research Lab

WP Photo Album Plus <= 5.4.17 - Reflected Cross-Site Scripting

6.1

CVE-2014-8814

Nov 6, 2014

Researcher: Kacper Szurek

WP Photo Album Plus <= 5.4.7 - Stored Cross-Site Scripting

6.4

CVE ID Unknown

Sep 17, 2014

Researcher: Voxel@Night

WP Photo Album Plus < 5.0.3 - Cross-Site Scripting

6.1

CVE-2013-3254

May 6, 2013

Researcher: Charlie Eriksen

WP Photo Album Plus <= 1.1 - SQL Injection

9.8

CVE-2008-0939

Feb 25, 2008

Researcher: S@BUN

Title	CVE ID	CVSS	Researchers	Date
WP Photo Album Plus <= 8.6.03.004 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2024-31286	9.9	stealthcopter	April 5, 2024
WP Photo Album Plus <= 8.5.02.005 - Cross-Site Scripting	CVE-2023-49813	6.1	Kyle Sanchez	December 5, 2023
WP Photo Album Plus <= 8.5.02.005 - Insecure Direct Object Reference	CVE-2023-49812	5.3	Kyle Sanchez	December 5, 2023
WP Photo Album Plus <= 8.5.02.005 - IP Spoofing	CVE-2023-49774	5.3	Brandon James Roldan (tomorrowisnew)	December 5, 2023
WP Photo Album Plus <= 8.0.10 - Stored Cross-Site Scripting	CVE-2021-25115	7.2	Krzysztof Zając	January 2, 2022
WP Photo Album Plus < 6.1.3 - Cross-Site Scripting	CVE-2015-3647	7.1	High-Tech Bridge Security Research Lab	May 20, 2015
WP Photo Album Plus <= 5.4.17 - Reflected Cross-Site Scripting	CVE-2014-8814	6.1	Kacper Szurek	November 6, 2014
WP Photo Album Plus <= 5.4.7 - Stored Cross-Site Scripting		6.4	Voxel@Night	September 17, 2014
WP Photo Album Plus < 5.0.3 - Cross-Site Scripting	CVE-2013-3254	6.1	Charlie Eriksen	May 6, 2013
WP Photo Album Plus <= 1.1 - SQL Injection	CVE-2008-0939	9.8	S@BUN	February 25, 2008

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation