Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

WP Photo Album Plus — Vulnerabilities & Security Advisories 13

All 13 CVE vulnerabilities found in WP Photo Album Plus, with AI-generated Chinese analysis, references, and POCs.

Vendor: Unknown

CVE IDTitleCVSSSeverityPublished
CVE-2025-14835 WP Photo Album Plus <= 9.1.05.008 - Reflected Cross-Site Scripting CWE-80 7.1 High2026-01-07
CVE-2025-8726 WP Photo Album Plus <= 9.0.11.006 - Authenticated (Subscriber+) Stored Cross-Site Scripting via wppa_user_upload CWE-79 5.4 Medium2025-10-04
CVE-2024-10958 WP Photo Album Plus <= 8.8.08.007 - Unauthenticated Arbitrary Shortcode Execution via getshortcodedrenderedfenodelay CWE-94 7.3 High2024-11-10
CVE-2024-9951 Wordpress Photo Album Plus <= 8.8.05.003 - Reflected Cross-Site Scripting CWE-79 6.1 Medium2024-10-17
CVE-2024-37416 WordPress WP Photo Album Plus plugin <= 8.8.00.002 - Reflected Cross Site Scripting (XSS) vulnerability CWE-79 7.1 High2024-07-22
CVE-2024-38713 WordPress WP Photo Album Plus plugin <= 8.8.02.002 - Authenticated Stored Cross Site Scripting (XSS) vulnerability CWE-79 6.5 Medium2024-07-20
CVE-2023-49774 WordPress WP Photo Album Plus plugin <= 8.5.02.005 - IP Bypass vulnerability CWE-200 5.3 Medium2024-06-04
CVE-2024-4037 WP Photo Album Plus <= 8.7.02.003 - Unauthenticated Arbitrary Shortcode Execution CWE-94 6.5 Medium2024-05-24
CVE-2024-31377 WordPress WP Photo Album Plus plugin <= 8.7.01.001 - Unauth. Arbitrary File Upload vulnerability CWE-434 10.0 Critical2024-05-13
CVE-2024-31286 WordPress WP Photo Album Plus plugin < 8.6.03.005 - Arbitrary File Upload vulnerability CWE-434 9.9 Critical2024-04-07
CVE-2023-49812 WordPress WP Photo Album Plus Plugin <= 8.5.02.005 is vulnerable to Insecure Direct Object References (IDOR) CWE-639 5.3 Medium2023-12-19
CVE-2023-49813 WordPress WP Photo Album Plus Plugin <= 8.5.02.005 is vulnerable to Cross Site Scripting (XSS) CWE-79 7.1 High2023-12-14
CVE-2021-25115 WP Photo Album Plus < 8.0.10 - Stored Cross-Site Scripting (XSS) CWE-79 5.4 -2022-02-14

All 13 known CVE vulnerabilities affecting WP Photo Album Plus with full Chinese analysis, references, and POCs where available.