WordPress WP Photo Album Plus plugin

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection.

This issue affects WP Photo Album Plus: from n/a through 9.1.13.005.

Basic Information

ID CVE-2026-54829

Source Patchstack

Published Jun 25, 2026 at 13:25

Modified Jun 25, 2026 at 13:57

Affected Product

Vendor Jacob N. Breetvelt

Product WP Photo Album Plus

Version n/a

Affected Versions Jacob N. Breetvelt WP Photo Album Plus n/a

CWE Classification

CWE-89

References

patchstack.com /database/wordpress/plugin/wp-photo-album-plus/vulnerability/wordpress-wp-photo-album-plus-plugin-9-1-13-005-sql-injection-vulnerability

{
    "lastseen": "",
    "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection.\n\nThis issue affects WP Photo Album Plus: from n/a through 9.1.13.005.",
    "published": "2026-06-25T13:25:31.337Z",
    "modified": "2026-06-25T13:57:55.095Z",
    "type": "cve",
    "title": "WordPress WP Photo Album Plus plugin <= 9.1.13.005 - SQL Injection vulnerability",
    "source": "Patchstack",
    "references": "https://patchstack.com/database/wordpress/plugin/wp-photo-album-plus/vulnerability/wordpress-wp-photo-album-plus-plugin-9-1-13-005-sql-injection-vulnerability?_s_id=cve",
    "id": "CVE-2026-54829",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "Jacob N. Breetvelt WP Photo Album Plus n/a",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WP Photo Album Plus",
    "version": "n/a",
    "vendor": "Jacob N. Breetvelt",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

WordPress WP Photo Album Plus plugin <= 9.1.13.005 - SQL Injection vulnerability_CVE-2026-54829