WordPress Plugin Vulnerabilities

WP Photo Album Plus 5.4.17 - Cross-Site Scripting (XSS)

Description

The WP Photo Album Plus WordPress plugin was affected by a Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
wp-photo-album-plus
Fixed in 5.4.18

References

CVE
CVE-2014-8814
URL
https://security.szurek.pl/wp-photo-album-plus-5417-reflected-xss.html

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
Kacper Szurek
Submitter website
http://security.szurek.pl/
Submitter twitter
kacperszurek
Verified
No
WPVDB ID
134dbc19-9c96-415f-9917-334c7da1fcf6

Timeline

Publicly Published
2014-11-24 (about 11 years ago)
Added
2014-11-24 (about 11 years ago)
Last Updated
2020-10-25 (about 5 years ago)

Other

Published
Title
Published
2022-01-18
Title
Image Photo Gallery Final Tiles Grid < 3.5.3 - Contributor+ Stored Cross-Site Scripting
Published
2022-12-02
Title
Chained Quiz < 1.3.2.1 - Multiple Reflected Cross-Site Scripting
Published
2023-07-19
Title
Call Now Accessibility Button < 1.1 - Admin+ Stored Cross Site Scripting
Published
2023-10-09
Title
Login screen manager <= 3.5.2 - Admin+ Stored XSS
Published
2024-04-16
Title
QR Code Composer < 2.0.4 - Subscriber+ Stored XSS