CVE-2023-49812

MEDIUM

Wppa WP Photo Album Plus < 8.5.02.005 - IDOR

Title source: rule

Description

Authorization Bypass Through User-Controlled Key vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a through 8.5.02.005.

References (1)

Core 1

Core References

Third Party Advisory vdb-entry

https://patchstack.com/database/vulnerability/wp-photo-album-plus/wordpress-wp-photo-album-plus-plugin-8-5-02-005-insecure-direct-object-references-idor-vulnerability?_s_id=cve

Scores

CVSS v3 5.3

EPSS 0.0011

EPSS Percentile 28.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-639

Status published

Products (2)

J.N. Breetvelt a.k.a. OpaJaap/WP Photo Album Plus < 8.5.02.005

wppa/wp_photo_album_plus < 8.5.02.005

Published Dec 19, 2023

Tracked Since Feb 18, 2026