PT-2024-28820 · WordPress · Wp Photo Album Plus

Matthew Rollings +1 · Published 2024-05-24 · Updated 2024-05-24 · CVE-2024-4037

CVSS v3.1: 7.3 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

WP Photo Album Plus versions up to, and including, 8.7.02.003

Description

The plugin exposes an action to unauthenticated users that does not properly validate a value before passing it to do_shortcode(), which makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

Recommendations

If you run version 8.7.02.003 or earlier, update to a version later than 8.7.02.003 to resolve the issue. As a temporary workaround, consider restricting access to the plugin's shortcode execution functionality until a patch is available.
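
To find installs that fall in the affected range above, the following added example (not part of the advisory or the plugin) reads the standard WordPress plugin header from each plugin's PHP files and compares the version numerically against 8.7.02.003. The plugins directory layout, the file name main.php and the version 8.7.03.001 in the demo are constructed sample values.

```python
import re
import tempfile
from pathlib import Path

PLUGIN_NAME = "WP Photo Album Plus"   # product named in the advisory
LAST_AFFECTED = "8.7.02.003"          # last affected version per the advisory

# WordPress reads "Key: value" pairs from the header comment of a plugin PHP file.
HEADER_RE = re.compile(
    r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*(?:\*/)?[ \t]*$", re.M | re.I)

def version_key(version):
    """Turn '8.7.02.003' into (8, 7, 2, 3) so components compare numerically."""
    parts = [int(p) for p in re.findall(r"\d+", version)]
    while parts and parts[-1] == 0:   # treat 8.7 and 8.7.0 as equal
        parts.pop()
    return tuple(parts)

def read_plugin_header(php_path):
    """Return the header fields found in the first 8 KiB of a PHP file."""
    text = Path(php_path).read_bytes()[:8192].decode("utf-8", "replace")
    return {key.lower(): value for key, value in HEADER_RE.findall(text)}

def find_affected(plugins_dir):
    """List (directory, version, affected) for each install under plugins_dir."""
    results = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        header = read_plugin_header(php)
        if header.get("plugin name", "").lower() != PLUGIN_NAME.lower():
            continue
        version = header.get("version", "")
        # A missing version cannot be cleared, so it is reported as affected.
        affected = not version or version_key(version) <= version_key(LAST_AFFECTED)
        results.append((str(php.parent), version, affected))
    return results

def demo():
    """Build two constructed plugin trees (sample data) and scan them."""
    root = Path(tempfile.mkdtemp())
    for site, ver in (("old", "8.7.02.003"), ("new", "8.7.03.001")):
        plugin_dir = root / site / "wp-photo-album-plus"
        plugin_dir.mkdir(parents=True)
        (plugin_dir / "main.php").write_text(
            f"<?php\n/*\n * Plugin Name: {PLUGIN_NAME}\n * Version: {ver}\n */\n")
    return {site: find_affected(root / site) for site in ("old", "new")}

if __name__ == "__main__":
    for site, rows in demo().items():
        print(site, rows)
```

On a real host, call find_affected() with the path to the site's wp-content/plugins directory.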

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2024-4037

Affected Products

Wp Photo Album Plus