CVE-2024-31286

CRITICAL EXPLOITED

J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus <8.6.03.005 - Unr...

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2024-31286 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a before 8.6.03.005.

References (1)

Core 1

Scores

CVSS v3 9.9
EPSS 0.0061
EPSS Percentile 70.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

VulnCheck KEV 2026-05-04
CWE
CWE-434
Status published
Products (1)
J.N. Breetvelt a.k.a. OpaJaap/WP Photo Album Plus < 8.6.03.005
Published Apr 07, 2024
Tracked Since Feb 18, 2026