EIP-2026-114224

PRE-CVE

WordPress Plugin WP Photo Album - 'photo' SQL Injection

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114224. PoCs published by THE_MILLER.

AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in the WordPress WP Photo Album (WPPA) plugin. It allows an attacker to extract user credentials from the database by manipulating the 'photo' parameter in the URL.

Description

WordPress Plugin WP Photo Album - 'photo' SQL Injection

Exploits (1)

exploitdb WORKING POC VERIFIED
by THE_MILLER · textwebappsphp
https://www.exploit-db.com/exploits/31776

This exploit demonstrates an SQL injection vulnerability in the WordPress WP Photo Album (WPPA) plugin. It allows an attacker to extract user credentials from the database by manipulating the 'photo' parameter in the URL.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: WordPress WP Photo Album (WPPA) plugin
No auth needed
Prerequisites: WordPress installation with WPPA plugin · Access to the plugin's photo gallery page
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026