CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49774 – WordPress WP Photo Album Plus plugin <= 8.5.02.005 - IP Bypass vulnerability
https://notcve.org/view.php?id=CVE-2023-49774
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Photo Album Plus: from n/a through 8.5.02.005. La exposición de información confidencial a una vulnerabilidad de actor no autorizado en JN Breetvelt, también conocido como OpaJaap WP Photo Album Plus, permite acceder a funciones no restringidas adecuadamente por las ACL. Este problema afecta a WP Photo Album Plus: desde n/a hasta 8.5.02.005. • https://patchstack.com/database/vulnerability/wp-photo-album-plus/wordpress-wp-photo-album-plus-plugin-8-5-02-005-ip-bypass-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-348: Use of Less Trusted Source •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49813 – WordPress WP Photo Album Plus Plugin <= 8.5.02.005 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-49813
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Stored XSS.This issue affects WP Photo Album Plus: from n/a through 8.5.02.005. Vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en J.N. Breetvelt a.K.A. • https://patchstack.com/database/vulnerability/wp-photo-album-plus/wordpress-wp-photo-album-plus-plugin-8-5-02-005-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49812 – WordPress WP Photo Album Plus Plugin <= 8.5.02.005 is vulnerable to Insecure Direct Object References (IDOR)
https://notcve.org/view.php?id=CVE-2023-49812
Authorization Bypass Through User-Controlled Key vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a through 8.5.02.005. Vulnerabilidad de omisión de autorización a través de clave controlada por el usuario en J.N. Breetvelt a.K.A. • https://patchstack.com/database/vulnerability/wp-photo-album-plus/wordpress-wp-photo-album-plus-plugin-8-5-02-005-insecure-direct-object-references-idor-vulnerability?_s_id=cve • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2021-25115 – WP Photo Album Plus < 8.0.10 - Stored Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-25115
The WP Photo Album Plus WordPress plugin before 8.0.10 was vulnerable to Stored Cross-Site Scripting (XSS). Error log content was handled improperly, therefore any user, even unauthenticated, could cause arbitrary javascript to be executed in the admin panel. El plugin WP Photo Album Plus de WordPress versiones anteriores a 8.0.10, era vulnerable a un ataque de tipo Cross-Site Scripting (XSS) Almacenado. El contenido del registro de errores era manejado inapropiadamente, por lo que cualquier usuario, incluso no autenticado, podía causar una ejecución de javascript arbitrario en el panel de administración • https://plugins.trac.wordpress.org/changeset/2655859/wp-photo-album-plus https://wpscan.com/vulnerability/dbc18c2c-7547-44fc-8a41-c819757e47a7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8814 – WP Photo Album Plus <= 5.4.17 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-8814
The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘walbum’ parameter in versions up to, and including, 5.4.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •