πŸ” CVE Alert

CVE-2026-6379

HIGH 8.6

WP Photo Album Plus < 9.1.11.001 - Unauthenticated SQL Injection via 'wppa-supersearch' Parameter

CVSS Score
8.6
EPSS Score
0.0%
EPSS Percentile
14th

The WP Photo Album Plus WordPress plugin before 9.1.11.001 does not properly sanitize and escape a parameter before using it in a SQL query, allowing unauthenticated users to perform SQL injection attacks.

Vendor unknown
Product wp photo album plus
Published May 18, 2026
Last Updated May 18, 2026
Stay Ahead of the Next One

Get instant alerts for unknown wp photo album plus

Be the first to know when new high vulnerabilities affecting unknown wp photo album plus are published β€” delivered to Slack, Telegram or Discord.

Get Free Alerts β†’ Free Β· No credit card Β· 60 sec setup

Affected Versions

Unknown / WP Photo Album Plus
0 < 9.1.11.001

References

NVD β†— CVE.org β†— EPSS Data β†—
wpscan.com: https://wpscan.com/vulnerability/60b88fd2-4048-4773-b319-63caaf5bd8eb/

Credits

Daniel PΓΊa - devploit WPScan