Vulnerability Details CVE-2021-25115
The WP Photo Album Plus WordPress plugin before 8.0.10 was vulnerable to Stored Cross-Site Scripting (XSS). Error log content was handled improperly, therefore any user, even unauthenticated, could cause arbitrary javascript to be executed in the admin panel.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.7%
CVSS Severity
CVSS v3 Score 6.4
CVSS v2 Score 3.5
References
Products affected by CVE-2021-25115
-
cpe:2.3:a:wppa:wp_photo_album_plus:-
-
cpe:2.3:a:wppa:wp_photo_album_plus:8.0.00.024
-
cpe:2.3:a:wppa:wp_photo_album_plus:8.0.01.005
-
cpe:2.3:a:wppa:wp_photo_album_plus:8.0.02.010
-
cpe:2.3:a:wppa:wp_photo_album_plus:8.0.03.006
-
cpe:2.3:a:wppa:wp_photo_album_plus:8.0.04.007
-
cpe:2.3:a:wppa:wp_photo_album_plus:8.0.05.004
-
cpe:2.3:a:wppa:wp_photo_album_plus:8.0.06.004
-
cpe:2.3:a:wppa:wp_photo_album_plus:8.0.07.018
-
cpe:2.3:a:wppa:wp_photo_album_plus:8.0.08.008
-
cpe:2.3:a:wppa:wp_photo_album_plus:8.0.09.003