Cross-Site Scripting Vulnerability in WP Photo Album Plus Plugin by WordPress
CVE-2026-57675
7.1HIGH
What is CVE-2026-57675?
The WP Photo Album Plus plugin for WordPress is vulnerable to an unauthenticated Cross-Site Scripting (XSS) attack affecting versions up to 9.2.02.004. This vulnerability could allow attackers to inject malicious scripts into the pages viewed by users, potentially compromising sensitive data and leading to a range of security issues.
Affected Version(s)
WP Photo Album Plus <= 9.2.02.004