CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37416 – WordPress WP Photo Album Plus plugin <= 8.8.00.002 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-37416
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Reflected XSS.This issue affects WP Photo Album Plus: from n/a through 8.8.00.002. Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en JN Breetvelt, también conocido como OpaJaap WP Photo Album Plus, permite XSS reflejado. Este problema afecta a WP Photo Album Plus: desde n/a hasta 8.8.00.002. • https://patchstack.com/database/vulnerability/wp-photo-album-plus/wordpress-wp-photo-album-plus-plugin-8-8-00-002-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49812 – WordPress WP Photo Album Plus Plugin <= 8.5.02.005 is vulnerable to Insecure Direct Object References (IDOR)
https://notcve.org/view.php?id=CVE-2023-49812
Authorization Bypass Through User-Controlled Key vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a through 8.5.02.005. Vulnerabilidad de omisión de autorización a través de clave controlada por el usuario en J.N. Breetvelt a.K.A. • https://patchstack.com/database/vulnerability/wp-photo-album-plus/wordpress-wp-photo-album-plus-plugin-8-5-02-005-insecure-direct-object-references-idor-vulnerability?_s_id=cve • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 3CVE-2015-3647 – WP Photo Album Plus < 6.1.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-3647
Multiple cross-site scripting (XSS) vulnerabilities in wppa-ajax-front.php in the WP Photo Album Plus (aka WPPA) plugin before 6.1.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) comemail or (2) comname parameter in a wppa do-comment action. Múltiples vulnerabilidades de XSS en wppa-ajax-front.php en el plugin WP Photo Album Plus (también conocido como WPPA) anterior a 6.1.3 para WordPress permiten a atacantes remotos inyectar secuencias de comandos arbitrarios o HTML a través del parámetro (1) comemail o (2) comname en una acción wppa do-comment. WordPress WP Photo Album Plus plugin version 6.1.2 suffers from a cross site scripting vulnerability. • http://packetstormsecurity.com/files/131976/WordPress-WP-Photo-Album-Plus-6.1.2-Cross-Site-Scripting.html http://www.securityfocus.com/archive/1/535575/100/0/threaded http://www.securityfocus.com/bid/74741 https://wordpress.org/plugins/wp-photo-album-plus/changelog https://www.htbridge.com/advisory/HTB23257 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2013-3254 – WP Photo Album Plus < 5.0.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-3254
Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the WP Photo Album Plus plugin before 5.0.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the commentid parameter in a wppa_manage_comments edit action. Vulnerabilidad Cross-site scripting (XSS) en wp-admin/admin.php en el plugin WP Photo Album Plus anterior a v5.0.3 para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro "commentid" en la acción de edición "wppa_manage_comments". • http://secunia.com/advisories/53105 http://wordpress.org/extend/plugins/wp-photo-album-plus/changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •