Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total6
Critical0
High2
Medium4
Reset
Showing 1-6 of 6 records
Threat Entry Updated 2026-01-08

CVE-2025-14835 - Wp Photo Album Plus Plugin

The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘shortcode’ parameter in all versions up to, and including, 9.1.05.008 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Wp Photo Album Plus

CVE-2025-14835

HIGH CVSS 7.1 2026-01-07
Open Full Technical Breakdown
Threat Entry Updated 2025-10-06

CVE-2025-8726 - Wp Photo Album Plus Plugin

The WP Photo Album Plus plugin for WordPress is vulnerable to Cross-Site Scripting in all versions up to, and including, 9.0.11.006 due to insufficient input sanitization and output escaping in the wppa_user_upload function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in the photo album descriptions that execute in a victim's browser.

PLUGIN Wp Photo Album Plus

CVE-2025-8726

MEDIUM CVSS 5.4 2025-10-04
Open Full Technical Breakdown
Threat Entry Updated 2024-11-14

CVE-2024-10958 - The Wp Photo Album Plus Plugin

The The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via getshortcodedrenderedfenodelay AJAX action in all versions up to, and including, 8.8.08.007 . This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

PLUGIN The Wp Photo Album Plus

CVE-2024-10958

HIGH CVSS 7.3 2024-11-10
Open Full Technical Breakdown
Threat Entry Updated 2024-10-18

CVE-2024-9951 - Wp Photo Album Plus Plugin

The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wppa-tab' parameter in all versions up to, and including, 8.8.05.003 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Wp Photo Album Plus

CVE-2024-9951

MEDIUM CVSS 6.1 2024-10-17
Open Full Technical Breakdown
Threat Entry Updated 2025-04-04

CVE-2024-4037 - Wp Photo Album Plus Plugin

The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.7.02.003. This is due to the plugin allowing unauthenticated users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

PLUGIN Wp Photo Album Plus

CVE-2024-4037

MEDIUM CVSS 6.5 2024-05-24
Open Full Technical Breakdown
Threat Entry Updated 2026-03-20

CVE-2021-25115 - Wp Photo Album Plus Plugin

The WP Photo Album Plus WordPress plugin before 8.0.10 was vulnerable to Stored Cross-Site Scripting (XSS). Error log content was handled improperly, therefore any user, even unauthenticated, could cause arbitrary javascript to be executed in the admin panel.

PLUGIN Wp Photo Album Plus

CVE-2021-25115

MEDIUM CVSS 6.4 2022-02-14
Open Full Technical Breakdown
Scroll to top