PT-2026-1560 · WordPress · Wp Photo Album Plus
Published: 2026-01-07 · Updated: 2026-01-12 · CVE-2025-14835
CVSS v3.1: 7.1 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
WP Photo Album Plus plugin for WordPress versions up to and including 9.1.05.008
Description
The WP Photo Album Plus plugin for WordPress is susceptible to Reflected Cross-Site Scripting through the shortcode parameter. Insufficient input sanitization and output escaping allow unauthenticated attackers to inject arbitrary web scripts into pages. Successful exploitation requires tricking a user into performing an action, such as clicking a link, to execute the injected scripts.
Recommendations
Update the WP Photo Album Plus plugin to a version later than 9.1.05.008.
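To check an installation against the affected range above, the following added example (not code from this advisory or from the plugin) reads the Version field of a WordPress plugin header and compares it numerically with 9.1.05.008. The sample header is constructed and the function names are hypothetical.

```python
import re

LAST_AFFECTED = "9.1.05.008"  # upper bound of the affected range, from the advisory

# Constructed sample of a plugin main-file header (not copied from the plugin).
SAMPLE_HEADER = """<?php
/*
 * Plugin Name: WP Photo Album Plus
 * Version: 9.1.05.008
 */
"""

def header_version(plugin_source):
    """Return the 'Version:' value from a WordPress plugin header, or None."""
    m = re.search(r"^[ \t/*#@]*Version:[ \t]*(\S+)", plugin_source,
                  re.MULTILINE | re.IGNORECASE)
    return m.group(1) if m else None

def parse_version(text):
    """Turn '9.1.05.008' into (9, 1, 5, 8); zero-padded parts compare as numbers."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(installed, last_affected=LAST_AFFECTED):
    """True when installed <= last_affected, comparing component by component."""
    a, b = parse_version(installed), parse_version(last_affected)
    width = max(len(a), len(b))            # pad so '9.2' compares as 9.2.0.0
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a <= b

def audit(plugin_source):
    """Classify one plugin file as 'affected', 'not affected' or 'unknown'."""
    version = header_version(plugin_source)
    if version is None:
        return "unknown"
    try:
        return "affected" if is_affected(version) else "not affected"
    except ValueError:
        return "unknown"                   # e.g. a suffix such as '-beta'

if __name__ == "__main__":
    print(audit(SAMPLE_HEADER))
```

Treat an "unknown" result as needing manual review rather than as a pass.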
Fix
XSS
Affected Products
Wp Photo Album Plus