{"containers": {"cna": {"affected": [{"product": "WP Photo Album Plus", "vendor": "Unknown", "versions": [{"lessThan": "8.0.10", "status": "affected", "version": "8.0.10", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Krzysztof Zaj\u0105c"}], "descriptions": [{"lang": "en", "value": "The WP Photo Album Plus WordPress plugin before 8.0.10 was vulnerable to Stored Cross-Site Scripting (XSS). Error log content was handled improperly, therefore any user, even unauthenticated, could cause arbitrary javascript to be executed in the admin panel."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-02-14T09:20:55.000Z", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/dbc18c2c-7547-44fc-8a41-c819757e47a7"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://plugins.trac.wordpress.org/changeset/2655859/wp-photo-album-plus"}], "source": {"discovery": "EXTERNAL"}, "title": "WP Photo Album Plus < 8.0.10 - Stored Cross-Site Scripting (XSS)", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2021-25115", "STATE": "PUBLIC", "TITLE": "WP Photo Album Plus < 8.0.10 - Stored Cross-Site Scripting (XSS)"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "WP Photo Album Plus", "version": {"version_data": [{"version_affected": "<", "version_name": "8.0.10", "version_value": "8.0.10"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Krzysztof Zaj\u0105c"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The WP Photo Album Plus WordPress plugin before 8.0.10 was vulnerable to Stored Cross-Site Scripting (XSS). Error log content was handled improperly, therefore any user, even unauthenticated, could cause arbitrary javascript to be executed in the admin panel."}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/dbc18c2c-7547-44fc-8a41-c819757e47a7", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/dbc18c2c-7547-44fc-8a41-c819757e47a7"}, {"name": "https://plugins.trac.wordpress.org/changeset/2655859/wp-photo-album-plus", "refsource": "CONFIRM", "url": "https://plugins.trac.wordpress.org/changeset/2655859/wp-photo-album-plus"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T19:56:10.439Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpscan.com/vulnerability/dbc18c2c-7547-44fc-8a41-c819757e47a7"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://plugins.trac.wordpress.org/changeset/2655859/wp-photo-album-plus"}]}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2021-25115", "datePublished": "2022-02-14T09:20:55.000Z", "dateReserved": "2021-01-14T00:00:00.000Z", "dateUpdated": "2024-08-03T19:56:10.439Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wppa:wp_photo_album_plus:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "55FBDD67-8378-486D-81C4-417FD508D190", "versionEndExcluding": "8.0.10.006", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The WP Photo Album Plus WordPress plugin before 8.0.10 was vulnerable to Stored Cross-Site Scripting (XSS). Error log content was handled improperly, therefore any user, even unauthenticated, could cause arbitrary javascript to be executed in the admin panel."}, {"lang": "es", "value": "El plugin WP Photo Album Plus de WordPress versiones anteriores a 8.0.10, era vulnerable a un ataque de tipo Cross-Site Scripting (XSS) Almacenado. El contenido del registro de errores era manejado inapropiadamente, por lo que cualquier usuario, incluso no autenticado, pod\u00eda causar una ejecuci\u00f3n de javascript arbitrario en el panel de administraci\u00f3n"}], "id": "CVE-2021-25115", "lastModified": "2026-03-20T18:34:03.680", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-02-14T12:15:15.490", "references": [{"source": "contact@wpscan.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://plugins.trac.wordpress.org/changeset/2655859/wp-photo-album-plus"}, {"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/dbc18c2c-7547-44fc-8a41-c819757e47a7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://plugins.trac.wordpress.org/changeset/2655859/wp-photo-album-plus"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/dbc18c2c-7547-44fc-8a41-c819757e47a7"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "contact@wpscan.com", "type": "Secondary"}]}

{}

{}