CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49813 – WordPress WP Photo Album Plus Plugin <= 8.5.02.005 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-49813
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Stored XSS.This issue affects WP Photo Album Plus: from n/a through 8.5.02.005. Vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en J.N. Breetvelt a.K.A. • https://patchstack.com/database/vulnerability/wp-photo-album-plus/wordpress-wp-photo-album-plus-plugin-8-5-02-005-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2021-25115 – WP Photo Album Plus < 8.0.10 - Stored Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-25115
The WP Photo Album Plus WordPress plugin before 8.0.10 was vulnerable to Stored Cross-Site Scripting (XSS). Error log content was handled improperly, therefore any user, even unauthenticated, could cause arbitrary javascript to be executed in the admin panel. El plugin WP Photo Album Plus de WordPress versiones anteriores a 8.0.10, era vulnerable a un ataque de tipo Cross-Site Scripting (XSS) Almacenado. El contenido del registro de errores era manejado inapropiadamente, por lo que cualquier usuario, incluso no autenticado, podía causar una ejecución de javascript arbitrario en el panel de administración • https://plugins.trac.wordpress.org/changeset/2655859/wp-photo-album-plus https://wpscan.com/vulnerability/dbc18c2c-7547-44fc-8a41-c819757e47a7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •