CVE-2024-31286 – WordPress WP Photo Album Plus plugin < 8.6.03.005 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-31286
Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Breetvelt a.k.a. OpaJaap WP Photo Album Plus. This issue affects WP Photo Album Plus: from n/a before 8.6.03.005. • https://patchstack.com/database/vulnerability/wp-photo-album-plus/wordpress-wp-photo-album-plus-plugin-8-6-03-005-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2023-49813 – WordPress WP Photo Album Plus Plugin <= 8.5.02.005 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-49813
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in J.N. Breetvelt a.k.a. OpaJaap WP Photo Album Plus allows Stored XSS. This issue affects WP Photo Album Plus: from n/a through 8.5.02.005. • https://patchstack.com/database/vulnerability/wp-photo-album-plus/wordpress-wp-photo-album-plus-plugin-8-5-02-005-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-49812 – WordPress WP Photo Album Plus Plugin <= 8.5.02.005 is vulnerable to Insecure Direct Object References (IDOR)
https://notcve.org/view.php?id=CVE-2023-49812
Authorization Bypass Through User-Controlled Key vulnerability in J.N. Breetvelt a.k.a. OpaJaap WP Photo Album Plus. This issue affects WP Photo Album Plus: from n/a through 8.5.02.005. • https://patchstack.com/database/vulnerability/wp-photo-album-plus/wordpress-wp-photo-album-plus-plugin-8-5-02-005-insecure-direct-object-references-idor-vulnerability?_s_id=cve • CWE-639: Authorization Bypass Through User-Controlled Key
CVE-2023-49774 – WordPress WP Photo Album Plus plugin <= 8.5.02.005 - IP Bypass vulnerability
https://notcve.org/view.php?id=CVE-2023-49774
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in J.N. Breetvelt a.k.a. OpaJaap WP Photo Album Plus allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP Photo Album Plus: from n/a through 8.5.02.005. • https://patchstack.com/database/vulnerability/wp-photo-album-plus/wordpress-wp-photo-album-plus-plugin-8-5-02-005-ip-bypass-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-348: Use of Less Trusted Source
CVE-2021-25115 – WP Photo Album Plus < 8.0.10 - Stored Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-25115
The WP Photo Album Plus WordPress plugin before 8.0.10 was vulnerable to Stored Cross-Site Scripting (XSS). Error log content was handled improperly, therefore any user, even unauthenticated, could cause arbitrary JavaScript to be executed in the admin panel. • https://plugins.trac.wordpress.org/changeset/2655859/wp-photo-album-plus • https://wpscan.com/vulnerability/dbc18c2c-7547-44fc-8a41-c819757e47a7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')