Vulnerability Details CVE-2024-10958
The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via the getshortcodedrenderedfenodelay AJAX action in all versions up to, and including, 8.8.08.007. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.485
EPSS Ranking 97.7%
CVSS Severity
CVSS v3 Score 7.3
Products affected by CVE-2024-10958
- cpe:2.3:a:wppa:wp_photo_album_plus:-
- cpe:2.3:a:wppa:wp_photo_album_plus:8.0.00.024
- cpe:2.3:a:wppa:wp_photo_album_plus:8.0.01.005
- cpe:2.3:a:wppa:wp_photo_album_plus:8.0.02.010
- cpe:2.3:a:wppa:wp_photo_album_plus:8.0.03.006
- cpe:2.3:a:wppa:wp_photo_album_plus:8.0.04.007
- cpe:2.3:a:wppa:wp_photo_album_plus:8.0.05.004
- cpe:2.3:a:wppa:wp_photo_album_plus:8.0.06.004
- cpe:2.3:a:wppa:wp_photo_album_plus:8.0.07.018
- cpe:2.3:a:wppa:wp_photo_album_plus:8.0.08.008
- cpe:2.3:a:wppa:wp_photo_album_plus:8.0.09.003
- cpe:2.3:a:wppa:wp_photo_album_plus:8.0.10.006
- cpe:2.3:a:wppa:wp_photo_album_plus:8.1.00.009
- cpe:2.3:a:wppa:wp_photo_album_plus:8.1.01.005
- cpe:2.3:a:wppa:wp_photo_album_plus:8.1.02
- cpe:2.3:a:wppa:wp_photo_album_plus:8.1.02.005
- cpe:2.3:a:wppa:wp_photo_album_plus:8.1.03
- cpe:2.3:a:wppa:wp_photo_album_plus:8.1.03.003
- cpe:2.3:a:wppa:wp_photo_album_plus:8.1.04
- cpe:2.3:a:wppa:wp_photo_album_plus:8.1.04.004
- cpe:2.3:a:wppa:wp_photo_album_plus:8.1.05
- cpe:2.3:a:wppa:wp_photo_album_plus:8.1.05.003
- cpe:2.3:a:wppa:wp_photo_album_plus:8.1.06
- cpe:2.3:a:wppa:wp_photo_album_plus:8.1.06.006
- cpe:2.3:a:wppa:wp_photo_album_plus:8.1.07
- cpe:2.3:a:wppa:wp_photo_album_plus:8.1.07.004
- cpe:2.3:a:wppa:wp_photo_album_plus:8.1.08
- cpe:2.3:a:wppa:wp_photo_album_plus:8.1.08.004
- cpe:2.3:a:wppa:wp_photo_album_plus:8.1.09
- cpe:2.3:a:wppa:wp_photo_album_plus:8.1.09.008
- cpe:2.3:a:wppa:wp_photo_album_plus:8.1.10
- cpe:2.3:a:wppa:wp_photo_album_plus:8.1.10.005
- cpe:2.3:a:wppa:wp_photo_album_plus:8.2.01
- cpe:2.3:a:wppa:wp_photo_album_plus:8.2.01.008
- cpe:2.3:a:wppa:wp_photo_album_plus:8.2.02
- cpe:2.3:a:wppa:wp_photo_album_plus:8.2.02.010
- cpe:2.3:a:wppa:wp_photo_album_plus:8.2.03
- cpe:2.3:a:wppa:wp_photo_album_plus:8.2.03.006
- cpe:2.3:a:wppa:wp_photo_album_plus:8.2.04
- cpe:2.3:a:wppa:wp_photo_album_plus:8.2.04.009
- cpe:2.3:a:wppa:wp_photo_album_plus:8.2.05
- cpe:2.3:a:wppa:wp_photo_album_plus:8.2.05.008
- cpe:2.3:a:wppa:wp_photo_album_plus:8.2.06
- cpe:2.3:a:wppa:wp_photo_album_plus:8.2.06.006
- cpe:2.3:a:wppa:wp_photo_album_plus:8.2.07
- cpe:2.3:a:wppa:wp_photo_album_plus:8.2.07.003
- cpe:2.3:a:wppa:wp_photo_album_plus:8.2.08
- cpe:2.3:a:wppa:wp_photo_album_plus:8.2.08.006
- cpe:2.3:a:wppa:wp_photo_album_plus:8.2.09.103
- cpe:2.3:a:wppa:wp_photo_album_plus:8.3.01
- cpe:2.3:a:wppa:wp_photo_album_plus:8.3.01.010
- cpe:2.3:a:wppa:wp_photo_album_plus:8.3.02
- cpe:2.3:a:wppa:wp_photo_album_plus:8.3.02.005
- cpe:2.3:a:wppa:wp_photo_album_plus:8.3.03
- cpe:2.3:a:wppa:wp_photo_album_plus:8.3.03.009
- cpe:2.3:a:wppa:wp_photo_album_plus:8.3.04
- cpe:2.3:a:wppa:wp_photo_album_plus:8.3.04.009
- cpe:2.3:a:wppa:wp_photo_album_plus:8.3.05
- cpe:2.3:a:wppa:wp_photo_album_plus:8.3.05.006
- cpe:2.3:a:wppa:wp_photo_album_plus:8.3.06
- cpe:2.3:a:wppa:wp_photo_album_plus:8.3.06.003
- cpe:2.3:a:wppa:wp_photo_album_plus:8.3.07
- cpe:2.3:a:wppa:wp_photo_album_plus:8.3.07.004
- cpe:2.3:a:wppa:wp_photo_album_plus:8.4.00
- cpe:2.3:a:wppa:wp_photo_album_plus:8.4.00.001
- cpe:2.3:a:wppa:wp_photo_album_plus:8.4.01
- cpe:2.3:a:wppa:wp_photo_album_plus:8.4.01.008
- cpe:2.3:a:wppa:wp_photo_album_plus:8.4.02
- cpe:2.3:a:wppa:wp_photo_album_plus:8.4.02.009
- cpe:2.3:a:wppa:wp_photo_album_plus:8.4.03.012
- cpe:2.3:a:wppa:wp_photo_album_plus:8.4.04.003
- cpe:2.3:a:wppa:wp_photo_album_plus:8.5.01
- cpe:2.3:a:wppa:wp_photo_album_plus:8.5.01.009
- cpe:2.3:a:wppa:wp_photo_album_plus:8.5.02
- cpe:2.3:a:wppa:wp_photo_album_plus:8.5.02.005
- cpe:2.3:a:wppa:wp_photo_album_plus:8.5.03.012
- cpe:2.3:a:wppa:wp_photo_album_plus:8.6.01
- cpe:2.3:a:wppa:wp_photo_album_plus:8.6.01.005
- cpe:2.3:a:wppa:wp_photo_album_plus:8.6.03.005
- cpe:2.3:a:wppa:wp_photo_album_plus:8.6.04.009
- cpe:2.3:a:wppa:wp_photo_album_plus:8.6.05.005
- cpe:2.3:a:wppa:wp_photo_album_plus:8.7.00.003
- cpe:2.3:a:wppa:wp_photo_album_plus:8.7.01.003
- cpe:2.3:a:wppa:wp_photo_album_plus:8.7.02.004
- cpe:2.3:a:wppa:wp_photo_album_plus:8.7.03.007
- cpe:2.3:a:wppa:wp_photo_album_plus:8.7.04.005
- cpe:2.3:a:wppa:wp_photo_album_plus:8.8.00.001
- cpe:2.3:a:wppa:wp_photo_album_plus:8.8.00.002
- cpe:2.3:a:wppa:wp_photo_album_plus:8.8.00.003
- cpe:2.3:a:wppa:wp_photo_album_plus:8.8.00.004
- cpe:2.3:a:wppa:wp_photo_album_plus:8.8.01.001
- cpe:2.3:a:wppa:wp_photo_album_plus:8.8.01.002
- cpe:2.3:a:wppa:wp_photo_album_plus:8.8.01.003
- cpe:2.3:a:wppa:wp_photo_album_plus:8.8.01.004
- cpe:2.3:a:wppa:wp_photo_album_plus:8.8.01.005
- cpe:2.3:a:wppa:wp_photo_album_plus:8.8.01.006
- cpe:2.3:a:wppa:wp_photo_album_plus:8.8.01.007
- cpe:2.3:a:wppa:wp_photo_album_plus:8.8.02.001
- cpe:2.3:a:wppa:wp_photo_album_plus:8.8.02.002
- cpe:2.3:a:wppa:wp_photo_album_plus:8.8.02.003
- cpe:2.3:a:wppa:wp_photo_album_plus:8.8.03.001
- cpe:2.3:a:wppa:wp_photo_album_plus:8.8.03.002
- cpe:2.3:a:wppa:wp_photo_album_plus:8.8.03.003
- cpe:2.3:a:wppa:wp_photo_album_plus:8.8.04.001
- cpe:2.3:a:wppa:wp_photo_album_plus:8.8.04.002
- cpe:2.3:a:wppa:wp_photo_album_plus:8.8.04.003
- cpe:2.3:a:wppa:wp_photo_album_plus:8.8.04.004
- cpe:2.3:a:wppa:wp_photo_album_plus:8.8.04.005
- cpe:2.3:a:wppa:wp_photo_album_plus:8.8.05.001
- cpe:2.3:a:wppa:wp_photo_album_plus:8.8.05.003
- cpe:2.3:a:wppa:wp_photo_album_plus:8.8.06.001
- cpe:2.3:a:wppa:wp_photo_album_plus:8.8.06.002
- cpe:2.3:a:wppa:wp_photo_album_plus:8.8.06.003
- cpe:2.3:a:wppa:wp_photo_album_plus:8.8.06.004
- cpe:2.3:a:wppa:wp_photo_album_plus:8.8.06.005
- cpe:2.3:a:wppa:wp_photo_album_plus:8.8.06.006
- cpe:2.3:a:wppa:wp_photo_album_plus:8.8.06.007
- cpe:2.3:a:wppa:wp_photo_album_plus:8.8.06.008
- cpe:2.3:a:wppa:wp_photo_album_plus:8.8.06.009
- cpe:2.3:a:wppa:wp_photo_album_plus:8.8.06.010
- cpe:2.3:a:wppa:wp_photo_album_plus:8.8.07.001
- cpe:2.3:a:wppa:wp_photo_album_plus:8.8.07.002
- cpe:2.3:a:wppa:wp_photo_album_plus:8.8.07.003
- cpe:2.3:a:wppa:wp_photo_album_plus:8.8.07.004
- cpe:2.3:a:wppa:wp_photo_album_plus:8.8.08.001
- cpe:2.3:a:wppa:wp_photo_album_plus:8.8.08.002
- cpe:2.3:a:wppa:wp_photo_album_plus:8.8.08.003
- cpe:2.3:a:wppa:wp_photo_album_plus:8.8.08.004
- cpe:2.3:a:wppa:wp_photo_album_plus:8.8.08.006
- cpe:2.3:a:wppa:wp_photo_album_plus:8.8.08.007