Skip to main content

Wp Photo Album Plus CVE-2023-49812

MEDIUM
Authorization Bypass Through User-Controlled Key (CWE-639)
2023-12-19 audit@patchstack.com
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 19, 2023 - 21:15 cve.org
MEDIUM 5.3

DescriptionCVE.org

Authorization Bypass Through User-Controlled Key vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a through 8.5.02.005.

AnalysisAI

Authorization Bypass Through User-Controlled Key vulnerability in J.N. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-639. Authorization Bypass Through User-Controlled Key vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.5.02.005. Affected products include: Wppa Wp Photo Album Plus. Version information: through 8.5.02.005..

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2021-25115 MEDIUM POC
6.4 Feb 14

The WP Photo Album Plus WordPress plugin before 8.0.10 was vulnerable to Stored Cross-Site Scripting (XSS). Rated medium

CVE-2026-39511 CRITICAL
9.3 Jun 15

Unauthenticated SQL injection in the WP Photo Album Plus WordPress plugin (versions ≤ 9.1.08.001) allows remote attacker

CVE-2015-3647 MEDIUM POC
4.3 May 21

Multiple cross-site scripting (XSS) vulnerabilities in wppa-ajax-front.php in the WP Photo Album Plus (aka WPPA) plugin

CVE-2026-54829 HIGH
7.5 Jun 25

Blind SQL injection in the WP Photo Album Plus WordPress plugin (all versions up to and including 9.1.13.005) lets remot

CVE-2024-10958 HIGH
7.3 Nov 10

The The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via getshortcodedrendere

CVE-2026-57675 HIGH
7.1 Jul 02

Reflected/unauthenticated Cross-Site Scripting in the WP Photo Album Plus WordPress plugin (versions <= 9.2.02.004) lets

CVE-2024-4037 MEDIUM
6.5 May 24

The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and i

CVE-2026-10095 MEDIUM
6.4 Jul 01

Stored Cross-Site Scripting in WP Photo Album Plus (WordPress plugin, all versions through 9.1.13.005) allows contributo

CVE-2024-37416 MEDIUM
6.1 Jul 22

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in J.N. Rated

CVE-2013-3254 MEDIUM
4.3 May 10

Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the WP Photo Album Plus plugin before 5.0.3 for WordPr

Share

CVE-2023-49812 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy