10 results (0.004 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-38713 – WordPress WP Photo Album Plus plugin <= 8.8.02.002 - Authenticated Stored Cross Site Scripting (XSS) vulnerability

https://notcve.org/view.php?id=CVE-2024-38713

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Stored XSS.This issue affects WP Photo Album Plus: from n/a through 8.8.02.002. Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en JN Breetvelt, también conocido como OpaJaap WP Photo Album Plus, permite XSS almacenado. Este problema afecta a WP Photo Album Plus: desde n/a hasta 8.8.02.002. • https://patchstack.com/database/vulnerability/wp-photo-album-plus/wordpress-wp-photo-album-plus-plugin-8-8-01-007-authenticated-stored-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-37416 – WordPress WP Photo Album Plus plugin <= 8.8.00.002 - Reflected Cross Site Scripting (XSS) vulnerability

https://notcve.org/view.php?id=CVE-2024-37416

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Reflected XSS.This issue affects WP Photo Album Plus: from n/a through 8.8.00.002. Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en JN Breetvelt, también conocido como OpaJaap WP Photo Album Plus, permite XSS reflejado. Este problema afecta a WP Photo Album Plus: desde n/a hasta 8.8.00.002. • https://patchstack.com/database/vulnerability/wp-photo-album-plus/wordpress-wp-photo-album-plus-plugin-8-8-00-002-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-4037 – WP Photo Album Plus <= 8.7.02.003 - Unauthenticated Arbitrary Shortcode Execution

https://notcve.org/view.php?id=CVE-2024-4037

The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.7.02.003. This is due to the plugin allowing unauthenticated users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. El complemento WP Photo Album Plus para WordPress es vulnerable a la ejecución arbitraria de códigos cortos en todas las versiones hasta la 8.7.02.003 incluida. Esto se debe a que el complemento permite a usuarios no autenticados ejecutar una acción que no valida correctamente un valor antes de ejecutar do_shortcode. • https://plugins.trac.wordpress.org/browser/wp-photo-album-plus/trunk/wppa-ajax.php#L1138 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3078746%40wp-photo-album-plus&new=3078746%40wp-photo-album-plus&sfp_email=&sfph_mail=#file3 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3079831%40wp-photo-album-plus&new=3079831%40wp-photo-album-plus&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/3d6b95ee • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-31377 – WordPress WP Photo Album Plus plugin <= 8.7.01.001 - Unauth. Arbitrary File Upload vulnerability

https://notcve.org/view.php?id=CVE-2024-31377

Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a through 8.7.01.001. Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en JN Breetvelt, también conocido como OpaJaap WP Photo Album Plus. Este problema afecta a WP Photo Album Plus: desde n/a hasta 8.7.01.001. • https://patchstack.com/database/vulnerability/wp-photo-album-plus/wordpress-wp-photo-album-plus-plugin-8-7-01-001-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-31286 – WordPress WP Photo Album Plus plugin < 8.6.03.005 - Arbitrary File Upload vulnerability

https://notcve.org/view.php?id=CVE-2024-31286

Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a before 8.6.03.005. Carga de archivos a sin restricciones con vulnerabilidad de tipo peligroso en J.N. Breetvelt también conocido como OpaJaap WP Photo Album Plus. • https://patchstack.com/database/vulnerability/wp-photo-album-plus/wordpress-wp-photo-album-plus-plugin-8-6-03-005-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •