Photo Album Plugin Vulnerabilities 9comments
Jeff Chandler 
Thanks for visiting! If you're new here, you may want to subscribe to our RSS feed. This blog posts regular Wordpress news, updates of themes, plugins, ideas, hacks, quick fixes and everything about blogging, especially about Wordpress. Go ahead, subscribe to our feed! You can also receive updates from this blog via email.
S@BUN is at it again, this time, reporting multiple SQL Injection Vulnerabilities within the Photo Album plugin for WordPress. According to the security bulletin:
Multiple vulnerabilities have been identified in Photo Album (plugin for WordPress), which could be exploited by remote attackers to execute arbitrary SQL queries. These issues are caused by input validation errors in the “wppa.php” script when passing user-supplied parameters (e.g. “photo” or “album”) to certain functions (e.g. “wppa_album_name()” or “wppa_photo_name()”), which could be exploited by malicious people to conduct SQL injection attacks.
Multiple security advisory services places this round of vulnerabilities as a Moderate Risk. For example, FrSIRT describes the Moderate risk as being:
Remotely and locally exploitable flaws, which could lead to denial of Service or privilege escalation.
Versions 1.1 and prior of this plugin are vulnerable. As always, it is recommended that you disable this plugin until a patch for it is released.
[EDIT] Version 1.1 is a fix for this vulnerability. Versions 1.0 and prior might be vulnerable.
Powered by 
Designed by 
