WP Photo Album Plus
Jacob N. Breetvelt
Developer
9.1.02.003
Latest version
10,000
Installations
Nov 9, 2025
Last updated
Vulnerability history
0 present
22 fixed
10 Mitigation rules
- Authenticated (Subscriber+) Stored Cross-Site Scripting via wppa_user_upload vulnerability<= 9.0.11.006Oct 3, 2025
- Unauthenticated Arbitrary Shortcode Execution via getshortcodedrenderedfenodelay vulnerability<= 8.8.08.007Nov 11, 2024
- Reflected Cross-Site Scripting vulnerability<= 8.8.05.003Oct 16, 2024
- Authenticated Stored Cross Site Scripting (XSS) vulnerability<= 8.8.02.002Jul 11, 2024
- Reflected Cross Site Scripting (XSS) vulnerability<= 8.8.00.002Jun 28, 2024
- Unauthenticated Arbitrary Shortcode Execution vulnerability<= 8.7.00.003May 24, 2024
- Unauthenticated Arbitrary File Upload vulnerability<= 8.7.01.001May 7, 2024
- Arbitrary File Upload vulnerability< 8.6.03.005Apr 5, 2024
- Cross Site Scripting (XSS) vulnerability<= 8.5.02.005Dec 5, 2023
- Insecure Direct Object References (IDOR) vulnerability<= 8.5.02.005Dec 5, 2023
- IP Bypass vulnerability<= 8.5.02.005Dec 5, 2023
- Stored Cross-Site Scripting (XSS) vulnerability<= 8.0.9Jan 2, 2022
- Cross Site Scripting5.4.4Jun 19, 2016
- Full Path Disclosure<= 4.9.0Oct 18, 2015
- XSS<= 4.9.2May 15, 2015
- XSS<= 5.0.10May 15, 2015
- Stored XSS<= 5.4.8May 15, 2015
- Reflected XSS<= 5.4.17May 15, 2015
- XSS<= 4.8.11May 15, 2015
- Multiple XSS<= 6.1.2May 6, 2015
- XSS<= 5.0.2Apr 22, 2013
- SQL Injection<= 4.1.1Oct 15, 2011