Cross-Site Scripting Vulnerability in WP Photo Album Plus Plugin for WordPress
CVE-2015-3647
Currently unrated
Summary
The WP Photo Album Plus plugin for WordPress is susceptible to multiple cross-site scripting (XSS) vulnerabilities. An attacker can exploit these weaknesses by injecting arbitrary web script or HTML via the 'comemail' or 'comname' parameters in a wppa do-comment action. This allows for potential remote code execution and can compromise the security of the website by manipulating user sessions or stealing sensitive information. Upgrading to version 6.1.3 or later is advised to mitigate these risks.