PatchSiren

WP Photo Album Plus CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH WP Photo Album Plus CVE published 2026-05-18

CVE-2026-6379

WP Photo Album Plus, a WordPress plugin, contains an unauthenticated SQL injection vulnerability in versions prior to 9.1.11.001. The flaw stems from improper sanitization and escaping of a parameter used in a SQL query, allowing remote attackers to manipulate database queries without authentication. The CVSS 3.1 score of 8.6 (HIGH) reflects network attack vector, low attack complexity, no privileges requ [truncated]