WordPress WP Photo Album Plus Plugin <= 8.5.02.005 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-49813

7.1HIGH

Key Information:

Vendor: WordPress
Status: WP Photo Album Plus
Vendor: CVE Published:; 14 December 2023

What is CVE-2023-49813?

A Cross-site Scripting (XSS) vulnerability has been identified in the WP Photo Album Plus plugin by OpaJaap. This flaw results from the improper neutralization of user input during web page generation, permitting the injection of malicious scripts that can be executed in the context of an unsuspecting user's browser. This security issue specifically impacts versions of WP Photo Album Plus from 'n/a' to 8.5.02.005, allowing attackers to store harmful JavaScript within the application, potentially compromising user data and session integrity.

Affected Version(s)

WP Photo Album Plus <= 8.5.02.005

References

https://patchstack.com/database/vulnerability/wp-photo-al...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 14, 2023
Vulnerability Reserved
Nov 30, 2023

Credit

Kyle Sanchez (Patchstack Alliance)