CVE-2013-3254
WP Photo Album Plus <5.0.3 - XSS
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the WP Photo Album Plus plugin before 5.0.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the commentid parameter in a wppa_manage_comments edit action.
Scores
EPSS
0.0027
EPSS Percentile
50.3%
Details
CWE
CWE-79
Status
published
Products (4)
wppa.opajaap/wp-photo-album-plus
< 5.0.2
wppa.opajaap/wp-photo-album-plus
wppa.opajaap/wp-photo-album-plus
n/a/n/a
Published
May 10, 2013
Tracked Since
Feb 18, 2026