CVE-2023-49774 MEDIUM

CVE-2023-49774: WordPress WP Photo Album Plus plugin <= 8.5.02.005 - IP Bypass vulnerability

Vendor J.n. Breetvelt A.k.a. Opajaap
Product WP Photo Album Plus
Weakness CWE-200 · Info exposure
Published June 4, 2024
Last update April 28, 2026
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Photo Album Plus: from n/a through 8.5.02.005.

Key dates

02Disclosure timeline

June 4, 2024 CVE published
April 28, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-26069 Scraparr Readarr Integration exposes sensitive values as metric labels. CVE-2023-49292 Possible private key restoration in go package github.com/ecies/go CVE-2024-29839 Broken Access control on DESKTOP_EDIT_USER_GET_CARD in Evolution Controller allows unauthenticated attackers to retrieve card data values. CVE-2023-0020 CVE-2025-2331 GiveWP – Donation Plugin and Fundraising Platform <= 3.22.1 - Authenticated (Subscriber+) Sensitive Information Exposure