Skip to main content

Photo Engine

3 CVEs product

Monthly

CVE-2026-32524 CRITICAL Act Now

An unrestricted file upload vulnerability (CWE-434) exists in Jordy Meow's Photo Engine WordPress plugin versions up to and including 6.4.9, allowing attackers to upload malicious web shells to compromised servers. The vulnerability affects the wplr-sync component and permits arbitrary file uploads with dangerous types, potentially leading to remote code execution. No CVSS score, EPSS probability, or KEV status information is currently available, but the ability to upload executable web shells represents a critical exploitation path.

File Upload Photo Engine
NVD VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2024-43332 HIGH This Week

Missing Authorization vulnerability in Jordy Meow Photo Engine allows Exploiting Incorrectly Configured Access Control Security Levels.4.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Photo Engine
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-38513 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in Jordy Meow Photo Engine (Media Organizer & Lightroom).2.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Photo Engine
NVD
CVSS 3.1
5.4
EPSS
0.1%
EPSS 0% CVSS 9.1
CRITICAL Act Now

An unrestricted file upload vulnerability (CWE-434) exists in Jordy Meow's Photo Engine WordPress plugin versions up to and including 6.4.9, allowing attackers to upload malicious web shells to compromised servers. The vulnerability affects the wplr-sync component and permits arbitrary file uploads with dangerous types, potentially leading to remote code execution. No CVSS score, EPSS probability, or KEV status information is currently available, but the ability to upload executable web shells represents a critical exploitation path.

File Upload Photo Engine
NVD VulDB
EPSS 1% CVSS 8.8
HIGH This Week

Missing Authorization vulnerability in Jordy Meow Photo Engine allows Exploiting Incorrectly Configured Access Control Security Levels.4.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Photo Engine
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in Jordy Meow Photo Engine (Media Organizer & Lightroom).2.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Photo Engine
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy