Vulnerabilities > CVE-2021-25115 - Unspecified vulnerability in WP Photo Album Plus Project WP Photo Album Plus

047910
CVSS 6.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE
network
low complexity
wp-photo-album-plus-project

Summary

The WP Photo Album Plus WordPress plugin before 8.0.10 was vulnerable to Stored Cross-Site Scripting (XSS). Error log content was handled improperly, therefore any user, even unauthenticated, could cause arbitrary javascript to be executed in the admin panel.

Vulnerable Configurations

Part Description Count
Application
Wp_Photo_Album_Plus_Project
97