SQL Injection Vulnerability in WP Photo Album Plus by Jacob N. Breetvelt
CVE-2026-54829

7.5HIGH

Key Information:

Vendor

WordPress

Vendor
CVE Published:
25 June 2026

What is CVE-2026-54829?

An SQL injection vulnerability exists in WP Photo Album Plus by Jacob N. Breetvelt, allowing attackers to execute arbitrary SQL commands through improper neutralization of special elements in user inputs. This can lead to unauthorized access to sensitive data and manipulation of the database. Affected versions include 9.1.13.005 and earlier, presenting a significant risk for websites relying on this plugin.

Affected Version(s)

WP Photo Album Plus <= 9.1.13.005

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

daroo | Patchstack Bug Bounty Program
.