WP Photo Album Plus

Vulnerabilities 32Slug wp-photo-album-plusLatest version 9.1.12.007WordPress.org →

Minimum safe version

9.1.08.002

Update to 9.1.08.002 or later to address 31 fixable vulnerabilities

Latest available9.1.12.007 Affected up to5.4.8
N/A
2026-04-13< 9.1.08.002

WP Photo Album Plus <= 9.1.08.001 - Unauthenticated SQL Injection

WordfenceCVE
High 7.1
2026-01-07< 9.1.05.009

CVE-2025-14835

CVEWordfence
Medium 5.4
2025-10-03< 9.0.11.007

WordPress WP Photo Album Plus Plugin <= 9.0.11.006 is vulnerable to Cross Site Scripting (XSS)

PatchstackWordfenceCVE
High 7.3
2024-11-11< 8.9.01.001

WordPress WP Photo Album Plus Plugin <= 8.8.08.007 is vulnerable to Broken Access Control

PatchstackCVEWordfence
N/A
< 4.2.0

WP Photo Album Plus &lt;= 4.1.1 - SQL Injection

WPScan
N/A
< 4.8.12

WP Photo Album Plus &lt; 4.8.12 - wp-photo-album-plus.php wppa-searchstring XSS

WPScan
N/A
< 5.0.11

WP Photo Album Plus - wp-admin/admin.php edit_id Parameter XSS

WPScan
N/A
< 4.9.3

WP Photo Album Plus - index.php wppa-tag Parameter XSS

WPScan
N/A
< 4.9.1

WP Photo Album Plus - Full Path Disclosure

WPScan
N/A
< 5.4.8

WP Photo Album Plus 5.4.5 - 5.4.8 Stored XSS

WPScan
N/A
< 5.4.5

WP Photo Album Plus 5.4.4 &amp; 5.4.3 Cross-Site Scripting (XSS)

WPScan
N/A
2014-09-17≥ 5.4.5 and ≤ 5.4.8

WP Photo Album Plus <= 5.4.7 - Stored Cross-Site Scripting

Wordfence
N/A
2011-10-15< 4.1.2

WordPress Photo Album Plus Plugin <= 4.1.1 - SQL Injection

Patchstack
N/A
2015-05-15< 4.8.12

WordPress WP Photo Album Plus Plugin <= 4.8.11 - XSS

Patchstack
N/A
2015-05-15< 5.4.9

WordPress WP Photo Album Plus Plugin <= 5.4.8 - Stored XSS

Patchstack
N/A
2015-05-15< 5.0.11

WordPress WP Photo Album Plus Plugin <= 5.0.10 - XSS

Patchstack
N/A
2015-05-15< 4.9.3

WordPress WP Photo Album Plus Plugin <= 4.9.2 - XSS

Patchstack
N/A
2015-10-18< 4.9.1

WordPress WP Photo Album Plus Plugin <= 4.9.0 - Full Path Disclosure

Patchstack
N/A
2016-06-19< 5.4.5

WordPress WP Photo Album Plus Plugin <= 5.4.4 - Cross Site Scripting

Patchstack