CVE-2013-3254

Name of the Vulnerable Software and Affected Versions WP Photo Album Plus plugin versions prior to 5.0.3

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the commentid parameter in a "wppa manage comments edit" action. This occurs in the wp-admin/admin.php file of the affected plugin.

Recommendations For WP Photo Album Plus plugin versions prior to 5.0.3, update to version 5.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the wp-admin/admin.php file or avoiding the use of the commentid parameter in the wppa manage comments edit action until the update is applied.