The WP Photo Album Plus WordPress plugin before 8.0.10 was vulnerable to Stored Cross-Site Scripting (XSS). Error log content was handled improperly, therefore any user, even unauthenticated, could cause arbitrary javascript to be executed in the admin panel.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2022-02-14T09:20:55
Updated: 2024-08-03T19:56:10.439Z
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-25115
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-02-14T12:15:15.490
Modified: 2024-11-21T05:54:22.870
Link: CVE-2021-25115
Redhat
No data.