Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Mon, 18 May 2026 14:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
Mon, 18 May 2026 10:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Wordpress
Wordpress wordpress Wp Photo Album Plus Project Wp Photo Album Plus Project wp Photo Album Plus |
|
| Vendors & Products |
Wordpress
Wordpress wordpress Wp Photo Album Plus Project Wp Photo Album Plus Project wp Photo Album Plus |
Mon, 18 May 2026 08:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-89 |
Mon, 18 May 2026 06:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The WP Photo Album Plus WordPress plugin before 9.1.11.001 does not properly sanitize and escape a parameter before using it in a SQL query, allowing unauthenticated users to perform SQL injection attacks. | |
| Title | WP Photo Album Plus < 9.1.11.001 - Unauthenticated SQL Injection via 'wppa-supersearch' Parameter | |
| References |
|
Status: PUBLISHED
Assigner: WPScan
Published:
Updated: 2026-05-18T13:38:36.731Z
Reserved: 2026-04-15T17:43:43.278Z
Link: CVE-2026-6379
Updated: 2026-05-18T13:38:33.381Z
Status : Deferred
Published: 2026-05-18T07:16:12.590
Modified: 2026-06-17T11:00:45.100
Link: CVE-2026-6379
No data.
OpenCVE Enrichment
Updated: 2026-05-18T16:00:15Z