CVE Catalog
CVE-2026-54829
HighCVSS 7.5Summary
CVE-2026-54829 describes an improper neutralization of special elements used in SQL commands, leading to a Blind SQL Injection vulnerability in the WP Photo Album Plus plugin.
Risk Assessment
An attacker could exploit this vulnerability to gain unauthorized access to database data, potentially exposing sensitive information.
Recommendation
It is recommended to update the WP Photo Album Plus plugin to the latest version to mitigate the risks associated with this vulnerability.
Original NVD description (English source)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection. This issue affects WP Photo Album Plus: from n/a through 9.1.13.005.

