CVE Catalog

CVE-2026-54829

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Summary

CVE-2026-54829 describes an improper neutralization of special elements used in SQL commands, leading to a Blind SQL Injection vulnerability in the WP Photo Album Plus plugin.

Risk Assessment

An attacker could exploit this vulnerability to gain unauthorized access to database data, potentially exposing sensitive information.

Recommendation

It is recommended to update the WP Photo Album Plus plugin to the latest version to mitigate the risks associated with this vulnerability.

Original NVD description (English source)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection. This issue affects WP Photo Album Plus: from n/a through 9.1.13.005.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS