CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 3CVE-2015-3647 – WP Photo Album Plus < 6.1.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-3647
Multiple cross-site scripting (XSS) vulnerabilities in wppa-ajax-front.php in the WP Photo Album Plus (aka WPPA) plugin before 6.1.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) comemail or (2) comname parameter in a wppa do-comment action. Múltiples vulnerabilidades de XSS en wppa-ajax-front.php en el plugin WP Photo Album Plus (también conocido como WPPA) anterior a 6.1.3 para WordPress permiten a atacantes remotos inyectar secuencias de comandos arbitrarios o HTML a través del parámetro (1) comemail o (2) comname en una acción wppa do-comment. WordPress WP Photo Album Plus plugin version 6.1.2 suffers from a cross site scripting vulnerability. • http://packetstormsecurity.com/files/131976/WordPress-WP-Photo-Album-Plus-6.1.2-Cross-Site-Scripting.html http://www.securityfocus.com/archive/1/535575/100/0/threaded http://www.securityfocus.com/bid/74741 https://wordpress.org/plugins/wp-photo-album-plus/changelog https://www.htbridge.com/advisory/HTB23257 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2013-3254 – WP Photo Album Plus < 5.0.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-3254
Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the WP Photo Album Plus plugin before 5.0.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the commentid parameter in a wppa_manage_comments edit action. Vulnerabilidad Cross-site scripting (XSS) en wp-admin/admin.php en el plugin WP Photo Album Plus anterior a v5.0.3 para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro "commentid" en la acción de edición "wppa_manage_comments". • http://secunia.com/advisories/53105 http://wordpress.org/extend/plugins/wp-photo-album-plus/changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •